PT-2003-1474 · Slwebmail · Slwebmail

David Litchfield

Publicado

2003-05-08

Atualizado

2016-10-18

CVE-2003-0266

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: SLWebMail version 3

Description: The issue is related to multiple buffer overflows that can be triggered by remote attackers, potentially leading to a denial of service and arbitrary code execution. This can be achieved through various means, including:

a long Language parameter to "showlogin.dll"
a long CompanyID parameter to "recman.dll", "admin.dll", or "globallogin.dll".

Recommendations: For SLWebMail version 3, consider restricting access to the mentioned DLL files until a patch is available. As a temporary workaround, avoid using long parameters for Language and CompanyID in the affected API endpoints.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2003-0266

Produtos afetados

Slwebmail

PT-2003-1474 · Slwebmail · Slwebmail

CVE-2003-0266

Identificadores relacionados

Produtos afetados

Referências · 4