Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which are not properly handled by (a) the POP3 Class ActiveX control (CMailCom.POP3); or a long argument to the (11) AddAttach, (12) SetSubject, (13) SetBcc, (14) SetBody, (15) SetCc, (16) SetFrom, (17) SetTo, and (18) SetFromUID methods, which are not properly handled by the Class ActiveX control (CMailCOM.SMTP), as demonstrated via the indexOfMail parameter to mwmail.asp.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Youngzsoft CMailServer远程栈溢出漏洞
Vulnerability Description
CMailServer是一款EMAIL服务程序,包含基于WEB的邮件服务系统。 CMailServer所安装的POP3 Class ActiveX控件(CMailCOM.dll,CLSID 6971D9B8-B53E-4C25-A414-76199768A592)没有正确地验证对MoveToFolder()方式所提供的输入参数,如果远程攻击者向mvmail.asp提交了带有超长indexOfMail参数的POST请求的话,就可以触发栈溢出,导致执行任意代码。CLSID为0609792F-AB56-4CB6
CVSS Information
N/A
Vulnerability Type
N/A