Remote Code Execution Vulnerability in NetWin Surgemail IMAP Service
CVE-2008-1498

Currently unrated

Key Information:

Vendor: Netwin
Status: Surgemail
Vendor: CVE Published:; 25 March 2008

What is CVE-2008-1498?

The IMAP service in NetWin Surgemail versions 3.8k4-4 and earlier is susceptible to a stack-based buffer overflow. This vulnerability allows authenticated remote users to execute arbitrary code by sending a specially crafted long argument in the LIST command. Such an exploit could result in serious consequences for the server's integrity and security. It is crucial for users of affected versions to apply necessary updates or implement mitigation strategies to safeguard against potential threats.

References

https://www.exploit-db.com/exploits/5259

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/29105

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/28260

vdb-entryx_refsource_BID

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 25, 2008
Vulnerability Reserved
Mar 25, 2008

Netwin

What is CVE-2008-1498?

References

EPSS Score

Timeline