CVE-2006-5487

Marshal MailMarshal SMTP 5.x-6.x and 2006 - Path Traversal and Arbitrary File Write via ARJ Archive Filename

Title source: llm
STIX 2.1

Description

Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive.

References (9)

Core 9
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1857
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30188
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22806
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20999
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017209
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/451143/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4457
Patch, Vendor Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-06-039.html

Scores

EPSS 0.0388
EPSS Percentile 89.0%

Details

CWE
CWE-22
Status published
Products (3)
marshal/mailmarshal_smtp 5.0
marshal/mailmarshal_smtp 6.0
marshal/mailmarshal_smtp 2006
Published Nov 10, 2006
Tracked Since Feb 18, 2026