Vulnerability CVE-2004-0309


Published: 2004-11-23   Modified: 2012-02-12

Description:
Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Zonelabs -> Integrity 
Zonelabs -> Zonealarm 

 References:
http://download.zonelabs.com/bin/free/securityAlert/8.html
http://marc.info/?l=bugtraq&m=107722656827427&w=2
http://www.ciac.org/ciac/bulletins/o-084.shtml
http://www.kb.cert.org/vuls/id/619982
http://www.securityfocus.com/bid/9696
http://xforce.iss.net/xforce/xfdb/14991

Copyright 2024, cxsecurity.com

 

Back to Top