CVE-2008-7074

i.Scribe 1.88-2.00 - Remote Code Execution via SMTP Server Response Format String

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7074. PoCs published by Alfons Luja.

AI-analyzed exploit summary This PHP script exploits a format string vulnerability in i.Scribe SMTP client versions 1.88 to 2.00 beta by acting as a fake SMTP server. It sends a malformed string to trigger the vulnerability when the client connects.

Description

Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message."

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alfons Luja · phpdoswindows

https://www.exploit-db.com/exploits/7249

View Code ZIP pw:eip

This PHP script exploits a format string vulnerability in i.Scribe SMTP client versions 1.88 to 2.00 beta by acting as a fake SMTP server. It sends a malformed string to trigger the vulnerability when the client connects.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: i.Scribe SMTP client v1.88 to 2.00 beta

No auth needed

Prerequisites: PHP with sockets extension enabled · Network access to the target

MITRE ATT&CK