CVE-2008-1055

Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.

Published: Feb 27, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-1055
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-134

Affected Software
References

Software	From	Fixed in
netwin / surgemail	3.0c2	3.0c2.x
netwin / surgemail	2.2a6	2.2a6.x
netwin / surgemail	1.8e	1.8e.x
netwin / surgemail	39a	39a.x
netwin / surgemail	2.0g2	2.0g2.x
netwin / surgemail	2.0e	2.0e.x
netwin / surgemail	2.1a	2.1a.x
netwin / surgemail	beta_39a	beta_39a.x
netwin / surgemail	2.0c	2.0c.x
netwin / surgemail	2.2g2	2.2g2.x
netwin / surgemail	-	38k4.x
netwin / surgemail	2.2c10	2.2c10.x
netwin / surgemail	2.2g3	2.2g3.x
netwin / surgemail	1.8d	1.8d.x
netwin / surgemail	1.8b3	1.8b3.x
netwin / surgemail	2.2c9	2.2c9.x
netwin / surgemail	1.8g3	1.8g3.x
netwin / surgemail	1.8a	1.8a.x
netwin / surgemail	1.9	1.9.x
netwin / surgemail	2.0a2	2.0a2.x
netwin / surgemail	2.1c7	2.1c7.x
netwin / surgemail	3.8f3	3.8f3.x
netwin / webmail	-	3.1s.x
netwin / surgemail	1.9b2	1.9b2.x
netwin / surgemail	3.0a	3.0a.x

Vulnerability Database

289,599

CVE-2008-1055