Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
Software | From | Fixed in |
---|---|---|
netwin / surgemail | - | 38k4.x |
netwin / surgemail | 1.8a | 1.8a.x |
netwin / surgemail | 1.8b3 | 1.8b3.x |
netwin / surgemail | 1.8d | 1.8d.x |
netwin / surgemail | 1.8e | 1.8e.x |
netwin / surgemail | 1.8g3 | 1.8g3.x |
netwin / surgemail | 1.9 | 1.9.x |
netwin / surgemail | 1.9b2 | 1.9b2.x |
netwin / surgemail | 2.0a2 | 2.0a2.x |
netwin / surgemail | 2.0c | 2.0c.x |
netwin / surgemail | 2.0e | 2.0e.x |
netwin / surgemail | 2.0g2 | 2.0g2.x |
netwin / surgemail | 2.1a | 2.1a.x |
netwin / surgemail | 2.1c7 | 2.1c7.x |
netwin / surgemail | 2.2a6 | 2.2a6.x |
netwin / surgemail | 2.2c10 | 2.2c10.x |
netwin / surgemail | 2.2c9 | 2.2c9.x |
netwin / surgemail | 2.2g2 | 2.2g2.x |
netwin / surgemail | 2.2g3 | 2.2g3.x |
netwin / surgemail | 3.0a | 3.0a.x |
netwin / surgemail | 3.0c2 | 3.0c2.x |
netwin / surgemail | 3.8f3 | 3.8f3.x |
netwin / surgemail | 39a | 39a.x |
netwin / surgemail | beta_39a | beta_39a.x |
netwin / webmail | - | 3.1s.x |