Buffer Overflow in NetWin Surgemail IMAP Service
CVE-2008-7182

Currently unrated

Key Information:

Vendor

Netwin

Status
Surgemail
Vendor
CVE Published:
8 September 2009

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 11%

What is CVE-2008-7182?

The IMAP service in NetWin Surgemail 3.9e and earlier versions prior to 3.9g2 is prone to a buffer overflow. This vulnerability allows remote authenticated users to exploit the service by sending a long first argument to the APPEND command, potentially resulting in a denial of service by crashing the server and, in certain scenarios, may allow execution of arbitrary code. It is important to note that due to insufficient details, the uniqueness of this vulnerability in relation to other known issues is uncertain.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-7182 - Proof of Concept

References

https://www.exploit-db.com/exploits/5968
exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/30000
vdb-entryx_refsource_BID
http://www.securityfocus.com/archive/1/496482
mailing-listx_refsource_BUGTRAQ

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.