what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

Zero Day Initiative Advisory 10-128
Posted Jul 16, 2010
Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 10-128 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IPSwitch IMail. Authentication is not required to exploit this vulnerability. The specific flaw exists within SMTPDLL.dll (called by queuemgr.exe). When handling a message queued for remote delivery user supplied data can be used to specify additional format specifiers to a vsprintf call. This can be accomplished by providing a specially crafted -NOTIFY argument to the SMTP "RCPT TO:" argument. Additionally, the destination buffer supplied to vsprintf is a local stack buffer and can also be overflowed with a large -NOTIFY argument. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the SYSTEM user.

tags | advisory, remote, overflow, arbitrary, local
MD5 | 6925dd6d0ca2b42d7c557b71d25be680
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Official Monero Website Hacked, Delivers Backdoored Software
Posted Nov 20, 2019

tags | headline, cybercrime, fraud, cryptography
Offshore Bank Targeted By Phineas Fisher Confirms It Was Hacked
Posted Nov 20, 2019

tags | headline, hacker, bank, cybercrime, data loss, fraud
Mozilla Just Doubled Its Payouts As It Tries To Attract Software Vulnerability Hunters
Posted Nov 20, 2019

tags | headline, hacker, flaw, mozilla, firefox
Half Of Oracle E-Business Customers Open To Bank Fraud Flaw
Posted Nov 20, 2019

tags | headline, bank, cybercrime, fraud, flaw, oracle
Arron Banks' Twitter Account Hacked
Posted Nov 19, 2019

tags | headline, hacker, government, britain, twitter
FBI Sought Interpol Statement Against End To End Crypto
Posted Nov 19, 2019

tags | headline, government, privacy, usa, spyware, fbi, cryptography
Macys.com Magecart Attack Yields Payment, Personal Info
Posted Nov 19, 2019

tags | headline, hacker, privacy, bank, cybercrime, data loss, fraud
Android Flaw Lets Rogue Apps Take Photos, Record Video Even If Your Phone Is Locked
Posted Nov 19, 2019

tags | headline, privacy, malware, phone, flaw, google
Phineas Fisher Offers $100,000 Bounty To Hack Banks And Oil Companies
Posted Nov 18, 2019

tags | headline, hacker, bank, cybercrime, fraud, cyberwar, scada
Google Patches Awesome XSS Vulnerability In Gmail Dynamic Email Feature
Posted Nov 18, 2019

tags | headline, email, flaw, google
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close