CVE-2005-2931

critical

Description

Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands.

References

http://www.vupen.com/english/advisories/2005/2782

http://www.securityfocus.com/bid/15752

http://www.ipswitch.com/support/imail/releases/imail_professional/im822.asp

http://www.idefense.com/application/poi/display?id=346&type=vulnerabilities

http://securitytracker.com/id?1015317

http://secunia.com/advisories/17863

Details

Source: Mitre, NVD

Published: 2005-12-07

Updated: 2011-03-08

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical