CVE-2007-4607

Published: 31/08/2007 Updated: 28/08/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 940
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61 and other products, allows remote malicious users to execute arbitrary code via a long argument to the SubmitToExpress method, a different vulnerability than CVE-2007-1029. NOTE: this may have been fixed in version 6.0.3.15.

Vulnerable Product

quicksoft easymail objects

gate comm software postcast server pro 3.0.61

Exploits

## # $Id: oracle_dc_submittoexpress.rb 9262 2010-05-09 17:45:00Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more information on licensing and terms of use. # metasploit.com/framework/ ## require 'msf/cor ...
<!-- Postcast Server Pro 3.0.61 / Quiksoft EasyMail SMTP Object (emsmtp.dll 6.0.1) remote buffer overflow exploit (ie6 / xp sp2 version) passing more than 539 chars to SubmitToExpress method: EAX 00000400 ECX 0013DD24 ASCII "Error Creating File: AAAA EDX C0403FFF EBX FFFFFFFF ESP 0013D5E4 EBP 0013DD08 ESI 41414141 EDI 0013DD24 AS ...

Github Repositories

Make CVE-2007-4607 exploitable again!

CVE-2007-4607 joeyrideout.com/reworking-decade-old-exploit-code/