Описание
Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message."
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:memcode:i.scribe:1.88:*:*:*:*:*:*:*
cpe:2.3:a:memcode:i.scribe:1.89:*:*:*:*:*:*:*
cpe:2.3:a:memcode:i.scribe:1.90:*:*:*:*:*:*:*
cpe:2.3:a:memcode:i.scribe:2.00:alpha1:*:*:*:*:*:*
cpe:2.3:a:memcode:i.scribe:2.00:alpha2:*:*:*:*:*:*
cpe:2.3:a:memcode:i.scribe:2.00:alpha3:*:*:*:*:*:*
cpe:2.3:a:memcode:i.scribe:2.00:alpha4:*:*:*:*:*:*
cpe:2.3:a:memcode:i.scribe:2.00:beta10:*:*:*:*:*:*
cpe:2.3:a:memcode:i.scribe:2.00:beta11:*:*:*:*:*:*
cpe:2.3:a:memcode:i.scribe:2.00:beta6:*:*:*:*:*:*
cpe:2.3:a:memcode:i.scribe:2.00:beta7:*:*:*:*:*:*
cpe:2.3:a:memcode:i.scribe:2.00:beta8:*:*:*:*:*:*
cpe:2.3:a:memcode:i.scribe:2.00:beta9:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.11115
Средний
9.3 Critical
CVSS2
Дефекты
CWE-134
Связанные уязвимости
github
больше 3 лет назад
Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message."
EPSS
Процентиль: 93%
0.11115
Средний
9.3 Critical
CVSS2
Дефекты
CWE-134