CVE-2007-4646

Published: Aug 31, 2007Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command.

Affected (1)

Products: Hexamail: Hexamail Server

Hexamail

1 product

Hexamail Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hexamail Hexamail Server	Version 3.0.0.001_lite

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://secunia.com/advisories/26666

Source: cve@mitre.org

http://www.securityfocus.com/bid/25496

Source: cve@mitre.org

http://www.securitytracker.com/id?1018637

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3044

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/36369

Source: cve@mitre.org

https://www.exploit-db.com/exploits/4344

Source: cve@mitre.org

http://secunia.com/advisories/26666