CVE-2008-1497
UnknownEPSS 6.30%
Last modified
CVE-2008-1497 is a vulnerability of currently unknown severity. Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.. EPSS estimates a 6.30% chance of exploitation in the next 30 days.
Description
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Netwin | Surgemail | 1.8g3 |
| Netwin | Surgemail | 1.9b2 |
| Netwin | Surgemail | 2.0a2 |
| Netwin | Surgemail | 2.0c |
| Netwin | Surgemail | 2.0e |
| Netwin | Surgemail | 2.0g2 |
| Netwin | Surgemail | 2.1c7 |
| Netwin | Surgemail | 2.2a6 |
| Netwin | Surgemail | 2.2c10 |
| Netwin | Surgemail | 2.2g2 |
| Netwin | Surgemail | 2.2g3 |
| Netwin | Surgemail | 3.0a |
| Netwin | Surgemail | 3.0c2 |
| Netwin | Surgemail | 3.2e |
| Netwin | Surgemail | 3.5a |
| Netwin | Surgemail | 3.5b3 |
| Netwin | Surgemail | 3.6d |
| Netwin | Surgemail | 3.6f3 |
| Netwin | Surgemail | 3.6f5 |
| Netwin | Surgemail | 3.6f7 |
| Netwin | Surgemail | 3.7b |
| Netwin | Surgemail | 3.7b3 |
| Netwin | Surgemail | 3.7b5 |
| Netwin | Surgemail | 3.7b6 |
| Netwin | Surgemail | 3.7b7 |
| Netwin | Surgemail | 3.7b8 |
| Netwin | Surgemail | 3.8a |
| Netwin | Surgemail | 3.8b |
| Netwin | Surgemail | 3.8d |
| Netwin | Surgemail | 3.8f |
| Netwin | Surgemail | 3.8f2 |
| Netwin | Surgemail | 3.8f3 |
| Netwin | Surgemail | 3.8i |
| Netwin | Surgemail | 3.8i2 |
| Netwin | Surgemail | 3.8i3 |
| Netwin | Surgemail | 3.8k |
| Netwin | Surgemail | 3.8k2 |
| Netwin | Surgemail | 3.8k3 |
| Netwin | Surgemail | 3.8m |
References
- http://secunia.com/advisories/29105Vendor Advisory
- http://www.netwinsite.com/surgemail/help/updates.htmVendor Advisory
- http://secunia.com/advisories/29105Vendor Advisory
- http://www.netwinsite.com/surgemail/help/updates.htmVendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-1497?
Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute arbitrary code via long arguments to the LSUB command.
How severe is CVE-2008-1497?
Severity scoring for CVE-2008-1497 is pending analysis. The EPSS model estimates a 6.30% probability of exploitation in the next 30 days.
How do I fix CVE-2008-1497?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2008-1497?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST