CVE-2006-5487
Marshal MailMarshal SMTP 5.x-6.x and 2006 - Path Traversal and Arbitrary File Write via ARJ Archive Filename
Title source: llmDescription
Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive.
References (9)
Core 9
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1857
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30188
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22806
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/20999
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017209
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/451143/100/0/threaded
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4457
Patch x_refsource_confirm
http://www.marshal.com/kb/article.aspx?id=11450
Patch, Vendor Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-06-039.html
Scores
EPSS
0.0388
EPSS Percentile
89.0%
Details
CWE
CWE-22
Status
published
Products (3)
marshal/mailmarshal_smtp
5.0
marshal/mailmarshal_smtp
6.0
marshal/mailmarshal_smtp
2006
Published
Nov 10, 2006
Tracked Since
Feb 18, 2026