Details of VAR-200412-0297

ID

VAR-200412-0297

CVE

CVE-2004-2401

TITLE

Ipswitch IMail Express Web Message Remote Buffer Overflow Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-496

DESCRIPTION

Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text.". A remotely exploitable buffer overrun vulnerability has been reported in Ipswitch IMail Express. This condition exists in the Web Messaging component and is due to insufficient bounds checking of HTML messages. This issue could potentially be exploited to execute arbitrary code in the context of the software. Ipswitch IMail is a powerful mail service program. No detailed vulnerability details are currently available

Trust: 1.26

sources: NVD: CVE-2004-2401 // BID: 10106 // VULHUB: VHN-10829

AFFECTED PRODUCTS

vendor:	ipswitch	model:	imail express	scope:	eq	version:	8.03	Trust: 1.9
vendor:	ipswitch	model:	imail express	scope:	ne	version:	8.05	Trust: 0.3

sources: BID: 10106 // CNNVD: CNNVD-200412-496 // NVD: CVE-2004-2401

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2401
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200412-496
value:	HIGH
Trust: 0.6
VULHUB:	VHN-10829
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-2401
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10829
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10829 // CNNVD: CNNVD-200412-496 // NVD: CVE-2004-2401

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2401

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-496

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 10106 // CNNVD: CNNVD-200412-496

EXTERNAL IDS

db:	BID	id:	10106	Trust: 2.0
db:	OSVDB	id:	5243	Trust: 1.7
db:	SECUNIA	id:	11352	Trust: 1.7
db:	NVD	id:	CVE-2004-2401	Trust: 1.7
db:	CNNVD	id:	CNNVD-200412-496	Trust: 0.7
db:	NSFOCUS	id:	6332※6334	Trust: 0.6
db:	NSFOCUS	id:	6334	Trust: 0.6
db:	NSFOCUS	id:	6332	Trust: 0.6
db:	XF	id:	15841	Trust: 0.6
db:	VULHUB	id:	VHN-10829	Trust: 0.1

sources: VULHUB: VHN-10829 // BID: 10106 // CNNVD: CNNVD-200412-496 // NVD: CVE-2004-2401

REFERENCES

url:	http://www.securityfocus.com/bid/10106	Trust: 1.7
url:	http://support.ipswitch.com/kb/im-20031219-df01.htm	Trust: 1.7
url:	http://www.osvdb.org/5243	Trust: 1.7
url:	http://secunia.com/advisories/11352	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/15841	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/15841	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/6332※6334	Trust: 0.6
url:	http://www.ipswitch.com/products/imail_server/express.html	Trust: 0.3

sources: VULHUB: VHN-10829 // BID: 10106 // CNNVD: CNNVD-200412-496 // NVD: CVE-2004-2401

CREDITS

This issue was announced by the vendor.

Trust: 0.3

sources: BID: 10106

SOURCES

db:	VULHUB	id:	VHN-10829
db:	BID	id:	10106
db:	CNNVD	id:	CNNVD-200412-496
db:	NVD	id:	CVE-2004-2401

LAST UPDATE DATE

2024-08-14T14:00:44.194000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10829	date:	2017-07-11T00:00:00
db:	BID	id:	10106	date:	2004-04-13T00:00:00
db:	CNNVD	id:	CNNVD-200412-496	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-2401	date:	2017-07-11T01:31:51.950

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10829	date:	2004-12-31T00:00:00
db:	BID	id:	10106	date:	2004-04-13T00:00:00
db:	CNNVD	id:	CNNVD-200412-496	date:	2004-04-13T00:00:00
db:	NVD	id:	CVE-2004-2401	date:	2004-12-31T05:00:00