CVE-2008-1497
Severity Score
9.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
3
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.
Desbordamiento de búfer basado en Pila en el servicio IMAP de NetWin SurgeMail 38k4-4 y versiones anteriores, permite a usuarios remotos autenticados ejecutar código de su elección mediante argumentos largos del comando LSUB.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2008-03-25 CVE Reserved
- 2008-03-25 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (7)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/489959/100/0/threaded | Mailing List | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41402 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://securityreason.com/securityalert/3774 | 2024-08-07 | |
| http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07 | 2024-08-07 | |
| http://www.securityfocus.com/bid/28377 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/29105 | 2018-10-11 | |
| http://www.netwinsite.com/surgemail/help/updates.htm | 2018-10-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.8g3 Search vendor "Netwin" for product "Surgemail" and version "1.8g3" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 1.9b2 Search vendor "Netwin" for product "Surgemail" and version "1.9b2" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 2.0a2 Search vendor "Netwin" for product "Surgemail" and version "2.0a2" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 2.0c Search vendor "Netwin" for product "Surgemail" and version "2.0c" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 2.0e Search vendor "Netwin" for product "Surgemail" and version "2.0e" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 2.0g2 Search vendor "Netwin" for product "Surgemail" and version "2.0g2" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 2.1c7 Search vendor "Netwin" for product "Surgemail" and version "2.1c7" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 2.2a6 Search vendor "Netwin" for product "Surgemail" and version "2.2a6" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 2.2c10 Search vendor "Netwin" for product "Surgemail" and version "2.2c10" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 2.2g2 Search vendor "Netwin" for product "Surgemail" and version "2.2g2" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 2.2g3 Search vendor "Netwin" for product "Surgemail" and version "2.2g3" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.0a Search vendor "Netwin" for product "Surgemail" and version "3.0a" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.0c2 Search vendor "Netwin" for product "Surgemail" and version "3.0c2" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.2e Search vendor "Netwin" for product "Surgemail" and version "3.2e" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.5a Search vendor "Netwin" for product "Surgemail" and version "3.5a" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.5b3 Search vendor "Netwin" for product "Surgemail" and version "3.5b3" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.6d Search vendor "Netwin" for product "Surgemail" and version "3.6d" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.6f3 Search vendor "Netwin" for product "Surgemail" and version "3.6f3" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.6f5 Search vendor "Netwin" for product "Surgemail" and version "3.6f5" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.6f7 Search vendor "Netwin" for product "Surgemail" and version "3.6f7" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.7b Search vendor "Netwin" for product "Surgemail" and version "3.7b" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.7b3 Search vendor "Netwin" for product "Surgemail" and version "3.7b3" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.7b5 Search vendor "Netwin" for product "Surgemail" and version "3.7b5" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.7b6 Search vendor "Netwin" for product "Surgemail" and version "3.7b6" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.7b7 Search vendor "Netwin" for product "Surgemail" and version "3.7b7" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.7b8 Search vendor "Netwin" for product "Surgemail" and version "3.7b8" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.8a Search vendor "Netwin" for product "Surgemail" and version "3.8a" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.8b Search vendor "Netwin" for product "Surgemail" and version "3.8b" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.8d Search vendor "Netwin" for product "Surgemail" and version "3.8d" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.8f Search vendor "Netwin" for product "Surgemail" and version "3.8f" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.8f2 Search vendor "Netwin" for product "Surgemail" and version "3.8f2" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.8f3 Search vendor "Netwin" for product "Surgemail" and version "3.8f3" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.8i Search vendor "Netwin" for product "Surgemail" and version "3.8i" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.8i2 Search vendor "Netwin" for product "Surgemail" and version "3.8i2" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.8i3 Search vendor "Netwin" for product "Surgemail" and version "3.8i3" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.8k Search vendor "Netwin" for product "Surgemail" and version "3.8k" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.8k2 Search vendor "Netwin" for product "Surgemail" and version "3.8k2" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.8k3 Search vendor "Netwin" for product "Surgemail" and version "3.8k3" | - |
Affected
| ||||||
| Netwin Search vendor "Netwin" | Surgemail Search vendor "Netwin" for product "Surgemail" | 3.8m Search vendor "Netwin" for product "Surgemail" and version "3.8m" | - |
Affected
| ||||||