Description
Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.
Exploits (1)
exploitdb · WORKING POC · VERIFIED
by Travis Warren · python · dos · windows
https://www.exploit-db.com/exploits/5968
References (4)
Core References
Exploit, Third Party Advisory · exploit · x_refsource_exploit-db
https://www.exploit-db.com/exploits/5968
Exploit · vdb-entry · x_refsource_bid
http://www.securityfocus.com/bid/30000
Third Party Advisory, VDB Entry · mailing-list · x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496482
Vendor Advisory · x_refsource_misc
http://www.netwinsite.com/surgemail/help/updates.htm
Scores
EPSS: 0.1114
EPSS Percentile: 93.5%
Details
CWE: CWE-119
Status: published
Products (1): netwin/surgemail 3.9e
Published: Sep 08, 2009
Tracked Since: Feb 18, 2026