CVE-2006-0559Use of Externally-Controlled Format String in Webshield Smtp

3 documents3 sources
Severity
10.0CRITICALNVD
EPSS
19.5%
top 4.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Mcafee Webshield Smtp
Timeline
PublishedApr 4
Latest updateMay 1

Description

Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

Patches

Patch: secunia.comPatch: www.securityfocus.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-qm5x-8jpf-99pq: Format string vulnerability in the SMTP server for McAfee WebShield 42022-05-01
CVEList
CVE-2006-0559: Format string vulnerability in the SMTP server for McAfee WebShield 42006-04-04
CVE-2006-0559 — Mcafee Webshield Smtp vulnerability | cvebase