Vulnerability Details CVE-2017-6506
In Azure Data Expert Ultimate 2.2.16, the SMTP verification function suffers from a buffer overflow vulnerability, leading to remote code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.216
EPSS Ranking 95.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- http://packetstormsecurity.com/files/141502/Azure-Data-Expert-Ultimate-2.2.16-Buffer-Overflow.html
- http://www.securityfocus.com/bid/96824
- https://www.exploit-db.com/exploits/41545/
- http://packetstormsecurity.com/files/141502/Azure-Data-Expert-Ultimate-2.2.16-Buffer-Overflow.html
- http://www.securityfocus.com/bid/96824
- https://www.exploit-db.com/exploits/41545/
Products affected by CVE-2017-6506
-
cpe:2.3:a:azure_dex:data_expert_ultimate:2.2.16