exploitDog

CVE-2017-9046

Опубликовано: 21 мая 2017

Источник: nvd

CVSS3: 7.3

CVSS2: 4.4

EPSS Низкий

Описание

winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack.

Ссылки

https://packetstormsecurity.com/files/142606/Pegasus-4.72-Build-572-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://packetstormsecurity.com/files/142606/Pegasus-4.72-Build-572-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pmail:pegasus:4.72:*:*:*:*:*:*:*

EPSS

Процентиль: 30%

0.00113

Низкий

7.3 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-r9hx-hmhj-28pf

CVSS3: 7.3

github

больше 3 лет назад

winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack.

EPSS

Процентиль: 30%

0.00113

Низкий

7.3 High

CVSS3

4.4 Medium

CVSS2

Дефекты

CWE-20