CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-5467

Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.18

EPSS Ranking 94.9%

CVSS Severity

CVSS v2 Score 10.0

References

http://secunia.com/advisories/27220
http://www.digit-labs.org/files/exploits/extremail-v3.pl
http://www.securityfocus.com/archive/1/482293
http://www.securityfocus.com/bid/26074
https://www.exploit-db.com/exploits/4532
http://secunia.com/advisories/27220
http://www.digit-labs.org/files/exploits/extremail-v3.pl
http://www.securityfocus.com/archive/1/482293
http://www.securityfocus.com/bid/26074
https://www.exploit-db.com/exploits/4532

Products affected by CVE-2007-5467

Extremail » Extremail » Version: Any

cpe:2.3:a:extremail:extremail:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-5467

Products

Pricing

Contact Us