CVE-2007-1669

Amavis < 2.4.1 - Denial of Service

Title source: rule

Description

zoo decoder 2.10 (zoo-2.10), as used in multiple products including (1) Barracuda Spam Firewall 3.4 and later with virusdef before 2.0.6399, (2) Spam Firewall before 3.4 20070319 with virusdef before 2.0.6399o, and (3) AMaViS 2.4.1 and earlier, allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jean-SÃ©bastien · cdosmultiple

https://www.exploit-db.com/exploits/3851

View Code ZIP pw:eip

References (10)

[Various Sources] http://www.amavis.org/security/asa-2007-2.txt

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34080

[Exploit] http://www.securityfocus.com/bid/23823

[Third Party Advisory] http://www.attrition.org/pipermail/vim/2007-July/001725.html

[Vendor Advisory] http://secunia.com/advisories/25315

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/467646/100/0/threaded

[Patch, Vendor Advisory] http://secunia.com/advisories/25122

[Third Party Advisory, VDB Entry] http://www.osvdb.org/35795

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1699

[Third Party Advisory] http://securityreason.com/securityalert/2680

Scores

EPSS 0.1502

EPSS Percentile 94.6%

Details

Status published

Products (1)

amavis/amavis < 2.4.1

Published May 09, 2007

Tracked Since Feb 18, 2026