Surgemail 3.0 - Real CGI executables Remote Buffer Overflow

Author: Luigi Auriemma
type: dos
platform: windows
port: 
date_added: 2008-02-25 
date_updated: 2014-02-05 
verified: 1 
codes: CVE-2008-1054;OSVDB-42980 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/27992/info

SurgeMail is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected service. Failed exploit attempts likely result in denial-of-service conditions.

SurgeMail 38k4 and prior versions are vulnerable.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/31301.zip