Vulnerabilities > CVE-2006-0559 - Remote Format String vulnerability in McAfee Webshield SMTP

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

mcafee

critical

NVD

Published: 2006-04-04

Updated: 2018-10-19

Summary

Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed. The vendor has released a patch (P0803), along with version 4.5 MR2 to address this issue.

Vulnerable Configurations

Part	Description	Count
Application	Mcafee Mcafee Webshield Smtp *	1

References

http://secunia.com/advisories/19491
http://securityreason.com/securityalert/671
http://securitytracker.com/id?1015861
http://www.osvdb.org/24366
http://www.securityfocus.com/archive/1/429812/100/0/threaded
http://www.securityfocus.com/bid/16742
http://www.vupen.com/english/advisories/2006/1219
https://exchange.xforce.ibmcloud.com/vulnerabilities/25621