FoxMail Client Buffer Overflow Vulnerability Network Vulnerability

Summary

This host is installed with FoxMail Client and is prone to Buffer Overflow Vulnerability.

Impact

Successful exploitation will allow attacker to insert a long crafted URI in the MAILTO field and can cause a stack overflow to the application. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. For updates refer to http://www.foxmail.com.cn

Insight

This flaw is due to lack of sanitization and boundary check in the user supplied data which can be exploited by adding a long URL length in the HREF attribute of an A element.

Affected

Foxmail version 6.5 or prior on Windows.

References

http://www.sebug.net/exploit/4681
http://xforce.iss.net/xforce/xfdb/45343

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-5839
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

ChaSen Buffer Overflow Vulnerability (Linux)
CA ARCserve Backup Multiple Bufffer Overflow Vulnerabilities
Adobe Shockwave Player 3D Model Buffer Overflow Vulnerabilities
CTorrent/Enhanced CTorrent Buffer Overflow Vulnerability
A-V Tronics InetServ POP3 Denial Of Service Vulnerability

FoxMail Client Buffer Overflow vulnerability

Take action and discover your vulnerabilities