Heap-based Buffer Overflow in Novell NetMail AntiVirus Agent
CVE-2007-6302

Currently unrated

Key Information:

Vendor: Novell
Status: Netmail
Vendor: CVE Published:; 10 December 2007

Summary

The vulnerability in Novell NetMail's avirus.exe component, present in versions prior to Messaging Architects M+NetMail 3.52f, is characterized by multiple heap-based buffer overflows. Attackers can exploit these weaknesses by supplying specially crafted ASCII integers as memory allocation arguments, potentially allowing them to execute arbitrary code remotely. This presents a significant security risk for users of these affected products if timely measures are not taken.

References

https://secure-support.novell.com/KanisaPlatform/Publishi...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2007/4112

vdb-entryx_refsource_VUPEN

http://www.zerodayinitiative.com/advisories/ZDI-07-072.html

x_refsource_MISC

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2007
Vulnerability Reserved
Dec 10, 2007