Foxmail Remote Buffer Overflow Vulnerability
BID:9954
Info
| Bugtraq ID: | 9954 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2004 12:00AM |
| Updated: | Mar 23 2004 12:00AM |
| Credit: | The disclosure of this issue is credited to the XFocus Security Team. |
| Vulnerable: | Foxmail Email Client - English Version 4.1; Foxmail Email Client - Chinese Version 5.0; Foxmail Email Client - Chinese Version 4.2 |
| Not Vulnerable: | |
Discussion
It has been reported that Foxmail is prone to a remote buffer overflow vulnerability. This issue is due to a failure of the application to verify buffer boundaries when processing user-supplied email headers.
A remote attacker may potentially exploit this issue to cause the email client to crash, denying service to the victim user. It is also possible to further leverage this issue in order to execute arbitrary code; this code would be executed in the security context of the user running the affected email client.
Exploit / POC
The following exploit has been provided to leverage this issue:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].