Published: 25/08/2009 Updated: 29/09/2017

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Format string vulnerability in MemeCode Software i.Scribe 1.88 up to and including 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message."

Vulnerable Product	Search on Vulmon	Subscribe to Product
memcode i.scribe 2.00
memcode i.scribe 1.90
memcode i.scribe 1.89
memcode i.scribe 1.88

<?php //I dont have c lol /*___=++++++++++++__=--=________***** 0-- -- iScribe smtp client v 188 to 200 beta Format String (wscanf) bug p0c vendor : Memecode Software grTs;SiDpsycho ALuja 271108 --)(________++++++++++++++++++++---*** ___00)_- NOTE!!! you must enabled extension=php_socketsdll in phpin ...

CWE-134 http://secunia.com/advisories/32906 http://memecode.com/site/ver.php?id=264 http://www.securityfocus.com/bid/32497 http://osvdb.org/50232 https://exchange.xforce.ibmcloud.com/vulnerabilities/46970 https://www.exploit-db.com/exploits/7249 https://nvd.nist.gov https://www.exploit-db.com/exploits/7249/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-7074

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect