CVE-2003-0391
published 2003-07-02
CVE-2003-0391: Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and…
Priority P4 (30) · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.52% (87.8th percentile)
Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| amax_information_technologies | magic_winmail_server | <= 2.3 | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 9.8 · CRITICAL
GHSA
GHSA-953v-cmq7-xgqr: Format string vulnerability in Magic WinMail Server 2
ghsa_unreviewed·2022-04-29
CVE-2003-0391 [HIGH] GHSA-953v-cmq7-xgqr: Format string vulnerability in Magic WinMail Server 2
Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command.
Red Hat
security flaw
vendor_redhat·2003-03-19·CVSS 9.8
CVE-2003-0028 [CRITICAL] security flaw
Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391.
No detection rules found.
Published: 2003-07-02