CVE-2007-4607

Quiksoft EasyMail SMTP Object <6.0.1 - Buffer Overflow

Title source: llm

Description

Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61 and other products, allows remote attackers to execute arbitrary code via a long argument to the SubmitToExpress method, a different vulnerability than CVE-2007-1029. NOTE: this may have been fixed in version 6.0.3.15.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16579

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by rgod · htmlremotewindows

https://www.exploit-db.com/exploits/4328

View Code ZIP pw:eip

nomisec WORKING POC

by joeyrideout · poc

https://github.com/joeyrideout/CVE-2007-4607

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/oracle_dc_submittoexpress.rb

View Code ZIP pw:eip

References (10)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2013-04/0220.html

[US Government Resource] http://www.kb.cert.org/vuls/id/281977

[Exploit] http://www.securityfocus.com/bid/25467

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36307

[Various Sources] http://retrogod.altervista.org/postcast-emsmtp_bof.html

[Various Sources] https://community.ivanti.com/docs/DOC-50988

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4328

[Third Party Advisory, VDB Entry] http://osvdb.org/38335

[Third Party Advisory] http://secunia.com/advisories/24199

[Third Party Advisory] http://secunia.com/advisories/26639

Scores

EPSS 0.8007

EPSS Percentile 99.1%

Details

CWE

CWE-119

Status published

Products (2)

gate_comm_software/postcast_server_pro 3.0.61

quicksoft/easymail_objects

Published Aug 31, 2007

Tracked Since Feb 18, 2026