Vulnerabilities > CVE-2007-1252 - Unspecified vulnerability in Symantec Mail Security 5.0

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
symantec
nessus
NVD
Published: 2007-03-03
Updated: 2024-11-21

Summary

Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources.

Vulnerable Configurations

Part Description Count
Application
Symantec
1

Nessus

NASL familyWindows
NASL idSMS_SMTP_CODE_EXEC.NASL
descriptionSymantec Mail Security for SMTP, which provides antispam and anti- virus protection for the IIS SMTP Service, is installed on the remote Windows host. There is reportedly an issue with the version of Symantec Mail Security for SMTP on the remote host that can be triggered by messages with malformed headers and lead to a crash or arbitrary code execution. Note that successful exploitation of this issue would allow an attacker to gain complete control of the affected host as Symantec Mail Security for SMTP runs with LOCAL SYSTEM privileges by default.
last seen2020-06-01
modified2020-06-02
plugin id24755
published2007-03-05
reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/24755
titleSymantec Mail Security for SMTP Message Handling Arbitrary Code Execution

References