Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2008-0072

Published: 06/03/2008 Updated: 15/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Linux

Vulnerability Summary

Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and previous versions allows remote malicious users to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field.

Vulnerable Product Search on Vulmon Subscribe to Product

gnome evolution

Vendor Advisories

Ubuntu Security Notice: evolution vulnerability
Ulf Harnhammar discovered that Evolution did not correctly handle format strings when processing encrypted emails A remote attacker could exploit this by sending a specially crafted email, resulting in arbitrary code execution ...
Debian Security Advisories: DSA-1512-1 evolution -- format string attack
Ulf Härnhammar discovered that Evolution, the e-mail and groupware suite, had a format string vulnerability in the parsing of encrypted mail messages If the user opened a specially crafted email message, code execution was possible For the stable distribution (etch), this problem has been fixed in version 263-6etch2 For the old stable distrib ...

References

CWE-134http://secunia.com/secunia_research/2008-8/advisory/http://www.debian.org/security/2008/dsa-1512http://www.redhat.com/support/errata/RHSA-2008-0177.htmlhttp://www.ubuntu.com/usn/usn-583-1http://www.securityfocus.com/bid/28102http://secunia.com/advisories/29057https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00190.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-March/msg00195.htmlhttp://security.gentoo.org/glsa/glsa-200803-12.xmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:063http://www.securitytracker.com/id?1019540http://secunia.com/advisories/29163http://secunia.com/advisories/29210http://secunia.com/advisories/29244http://secunia.com/advisories/29258http://secunia.com/advisories/29264http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.htmlhttp://secunia.com/advisories/29317http://www.kb.cert.org/vuls/id/512491http://www.redhat.com/support/errata/RHSA-2008-0178.htmlhttp://wiki.rpath.com/wiki/Advisories:rPSA-2008-0105http://secunia.com/advisories/30437http://secunia.com/advisories/30491https://issues.rpath.com/browse/RPL-2310http://www.vupen.com/english/advisories/2008/0768/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41011https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10701http://www.securityfocus.com/archive/1/492684/100/0/threadedhttps://usn.ubuntu.com/583-1/https://nvd.nist.govhttps://www.kb.cert.org/vuls/id/512491
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook