Format String Vulnerability in NetWin SurgeMail WebMail Component
CVE-2008-1055

Currently unrated

Key Information:

Vendor: Netwin
Status: Surgemail; Webmail
Vendor: CVE Published:; 27 February 2008

What is CVE-2008-1055?

A format string vulnerability exists in the webmail.exe component of NetWin SurgeMail, impacting versions 38k4 and earlier, as well as beta version 39a, and WebMail version 3.1s and earlier. This flaw allows remote attackers to exploit format string specifiers in the page parameter, potentially leading to a denial of service through daemon crashes. In some cases, this vulnerability could also enable attackers to execute arbitrary code, thereby compromising the confidentiality and integrity of the system.

References

http://securityreason.com/securityalert/3705

third-party-advisoryx_refsource_SREASON

http://aluigi.altervista.org/adv/surgemailz-adv.txt

x_refsource_MISC

http://secunia.com/advisories/29137

third-party-advisoryx_refsource_SECUNIA

EPSS Score

21% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 27, 2008
Vulnerability Reserved
Feb 27, 2008

Netwin

What is CVE-2008-1055?

References

EPSS Score

Timeline