Symantec Mail Security for SMTP Arbitrary Code Execution Vulnerability

Bugtraq ID:	22782
Class:	Design Error
CVE:	CVE-2007-1252
Remote:	Yes
Local:	No
Published:	Mar 01 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Steve Arvanitis reported this issue.
Vulnerable:	Symantec Mail Security For Smtp 5.0
Not Vulnerable:

Symantec Mail Security for SMTP Arbitrary Code Execution Vulnerability

Symantec Mail Security for SMTP is prone to a vulnerability that would allow remote attackers to execute arbitrary code on an affected computer or to cause denial-of-service conditions.

Symantec Mail Security for SMTP Arbitrary Code Execution Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Symantec Mail Security for SMTP Arbitrary Code Execution Vulnerability

Solution:
Symantec released patch 175 to address this issue. Please see the reference section for more information.


Symantec Mail Security For Smtp 5.0

• Symantec Patch 175
  ftp://ftp.symantec.com/public/english_us_canada/products/symantec_mail _security/5.0_smtp/updates/

Symantec Mail Security for SMTP Arbitrary Code Execution Vulnerability

References:

• Symantec Home Page (Symantec)
  
• Vulnerability Note VU#875633 (CERT)
  
• Secunia Research: Symantec Mail Security for (Secunia Research)
  
• Patch 175 Release notes (Symantec)
  
• Secunia Research: Symantec Mail Security for SMTP Boundary Errors (Secunia)