CVE-2008-1055

SurgeMail < 38k4 and WebMail < 3.1s - Remote Code Execution via Format String in Page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1055. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The provided text describes a remote format-string vulnerability in SurgeMail and WebMail applications, which can lead to arbitrary code execution or denial of service due to improper input sanitization. It references CVE-2008-1055 and includes affected versions but lacks actual exploit code.

Description

Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textdoswindows

https://www.exploit-db.com/exploits/31300

View Code ZIP pw:eip

The provided text describes a remote format-string vulnerability in SurgeMail and WebMail applications, which can lead to arbitrary code execution or denial of service due to improper input sanitization. It references CVE-2008-1055 and includes affected versions but lacks actual exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: SurgeMail 38k4, beta 39a and earlier; Netwin WebMail 3.1s and earlier

No auth needed

Prerequisites: Network access to the vulnerable application

MITRE ATT&CK