PT-2003-1474 · Slwebmail · Slwebmail

David Litchfield +1 · Published 2003-05-08 · Updated 2016-10-18 · CVE-2003-0266

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: SLWebMail version 3
Description: Multiple buffer overflows can be triggered by remote attackers, potentially leading to a denial of service and arbitrary code execution. The overflows can be reached through various means, including:
  • a long Language parameter to "showlogin.dll"
  • a long CompanyID parameter to "recman.dll", "admin.dll", or "globallogin.dll".
Recommendations: For SLWebMail version 3, consider restricting access to the listed DLL files until a patch is available. As a temporary workaround, avoid long values for the Language and CompanyID parameters in requests to the affected endpoints.
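
One way to check web server logs for the condition described above, as an added example that is not part of the original advisory or of SLWebMail itself. The log line layout ("client method target status"), the /scripts/ path and the 64-character threshold are assumptions; the advisory gives no safe length, and only query-string parameters are examined.

```python
from urllib.parse import urlsplit, parse_qsl

# Parameter the advisory names for each affected DLL (compared lowercased).
WATCHED = {
    "showlogin.dll": "language",
    "recman.dll": "companyid",
    "admin.dll": "companyid",
    "globallogin.dll": "companyid",
}
MAX_LEN = 64  # assumed threshold; the advisory does not state a safe length


def oversized_params(request_target, max_len=MAX_LEN):
    """Return [(dll, param, length)] for watched parameters longer than max_len."""
    parts = urlsplit(request_target)
    dll = parts.path.rsplit("/", 1)[-1].lower()
    watched = WATCHED.get(dll)
    if watched is None:
        return []
    # Lengths are measured after percent-decoding the query string.
    return [(dll, name, len(value))
            for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if name.lower() == watched and len(value) > max_len]


def scan_log(lines, max_len=MAX_LEN):
    """Scan 'client method target status' lines; return (line_no, client, hit)."""
    findings = []
    for no, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines
        client, _method, target = fields[:3]
        for hit in oversized_params(target, max_len):
            findings.append((no, client, hit))
    return findings


# Constructed sample log lines (hypothetical paths, documentation-range IPs).
SAMPLE_LOG = [
    "192.0.2.10 GET /scripts/showlogin.dll?Language=en 200",
    "192.0.2.44 GET /scripts/showlogin.dll?Language=" + "A" * 300 + " 500",
    "192.0.2.44 GET /scripts/admin.dll?CompanyID=" + "B" * 200 + " 500",
    "192.0.2.10 GET /scripts/recman.dll?CompanyID=acme 200",
    "192.0.2.10 GET /scripts/other.dll?Language=" + "C" * 300 + " 200",
]

if __name__ == "__main__":
    for no, client, (dll, param, length) in scan_log(SAMPLE_LOG):
        print(f"line {no}: {client} sent {param} of {length} chars to {dll}")
```

The same per-DLL parameter map can back a reverse-proxy rule that rejects oversized values before they reach the DLLs.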

Fix


Related Identifiers

CVE-2003-0266

Affected Products

Slwebmail