CVE-2007-1252 - Unspecified vulnerability in Symantec Mail Security 5.0

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch 175 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted headers in an e-mail message. NOTE: some information was obtained from third party sources.

Vulnerable Configurations

Part         Description  Count
Application  Symantec     1

Nessus

NASL family: Windows
NASL id: SMS_SMTP_CODE_EXEC.NASL
description: Symantec Mail Security for SMTP, which provides antispam and anti-virus protection for the IIS SMTP Service, is installed on the remote Windows host. There is reportedly an issue with the version of Symantec Mail Security for SMTP on the remote host that can be triggered by messages with malformed headers and lead to a crash or arbitrary code execution. Note that successful exploitation of this issue would allow an attacker to gain complete control of the affected host as Symantec Mail Security for SMTP runs with LOCAL SYSTEM privileges by default.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 24755
published: 2007-03-05
reporter: This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/24755
title: Symantec Mail Security for SMTP Message Handling Arbitrary Code Execution