Vulnerability Details CVE-2008-7074
Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.091
EPSS Ranking 92.3%
CVSS Severity
CVSS v2 Score 9.3
References
- http://memecode.com/site/ver.php?id=264
- http://osvdb.org/50232
- http://secunia.com/advisories/32906
- http://www.securityfocus.com/bid/32497
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46970
- https://www.exploit-db.com/exploits/7249
- http://memecode.com/site/ver.php?id=264
- http://osvdb.org/50232
- http://secunia.com/advisories/32906
- http://www.securityfocus.com/bid/32497
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46970
- https://www.exploit-db.com/exploits/7249
Products affected by CVE-2008-7074
-
cpe:2.3:a:memcode:i.scribe:1.88
-
cpe:2.3:a:memcode:i.scribe:1.89
-
cpe:2.3:a:memcode:i.scribe:1.90
-
cpe:2.3:a:memcode:i.scribe:2.00