CVE-2008-1055
First published: Wed Feb 27 2008(Updated: )
Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetWin SurgeMail | =3.0c2 | |
| NetWin SurgeMail | =2.2a6 | |
| NetWin SurgeMail | =1.8e | |
| NetWin SurgeMail | =39a | |
| NetWin SurgeMail | =2.0g2 | |
| NetWin SurgeMail | =2.0e | |
| NetWin SurgeMail | =2.1a | |
| NetWin SurgeMail | =beta_39a | |
| NetWin SurgeMail | =2.0c | |
| NetWin SurgeMail | =2.2g2 | |
| NetWin SurgeMail | <=38k4 | |
| NetWin SurgeMail | =2.2c10 | |
| NetWin SurgeMail | =2.2g3 | |
| NetWin SurgeMail | =1.8d | |
| NetWin SurgeMail | =1.8b3 | |
| NetWin SurgeMail | =2.2c9 | |
| NetWin SurgeMail | =1.8g3 | |
| NetWin SurgeMail | =1.8a | |
| NetWin SurgeMail | =1.9 | |
| NetWin SurgeMail | =2.0a2 | |
| NetWin SurgeMail | =2.1c7 | |
| NetWin SurgeMail | =3.8f3 | |
| NetWin Webmail | <=3.1s | |
| NetWin SurgeMail | =1.9b2 | |
| NetWin SurgeMail | =3.0a |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/27990
- http://secunia.com/advisories/29105
- http://www.securitytracker.com/id?1019500
- http://secunia.com/advisories/29137
- http://aluigi.altervista.org/adv/surgemailz-adv.txt
- http://securityreason.com/securityalert/3705
- http://www.vupen.com/english/advisories/2008/0678
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40833
- http://www.securityfocus.com/archive/1/488741/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2008-1055?
CVE-2008-1055 is classified as a high severity vulnerability because it can lead to denial of service and potential remote code execution.
How do I fix CVE-2008-1055?
To fix CVE-2008-1055, you should upgrade to a version of NetWin SurgeMail or WebMail that is not affected by this vulnerability.
What software is affected by CVE-2008-1055?
CVE-2008-1055 affects multiple versions of NetWin SurgeMail up to 38k4 and WebMail up to version 3.1s.
Can CVE-2008-1055 lead to remote code execution?
Yes, CVE-2008-1055 can potentially allow remote attackers to execute arbitrary code through format string specifiers.
What kind of attacks can be performed using CVE-2008-1055?
Attackers can exploit CVE-2008-1055 to crash the application or execute malicious code, leading to a denial of service.
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/netwin
- canonical/netwin surgemail
- version/netwin surgemail/3.0c2
- version/netwin surgemail/2.2a6
- version/netwin surgemail/1.8e
- version/netwin surgemail/39a
- version/netwin surgemail/2.0g2
- version/netwin surgemail/2.0e
- version/netwin surgemail/2.1a
- version/netwin surgemail/beta_39a
- version/netwin surgemail/2.0c
- version/netwin surgemail/2.2g2
- version/netwin surgemail/38k4
- version/netwin surgemail/2.2c10
- version/netwin surgemail/2.2g3
- version/netwin surgemail/1.8d
- version/netwin surgemail/1.8b3
- version/netwin surgemail/2.2c9
- version/netwin surgemail/1.8g3
- version/netwin surgemail/1.8a
- version/netwin surgemail/1.9
- version/netwin surgemail/2.0a2
- version/netwin surgemail/2.1c7
- version/netwin surgemail/3.8f3
- canonical/netwin webmail
- version/netwin webmail/3.1s
- version/netwin surgemail/1.9b2
- version/netwin surgemail/3.0a