NetWin DMail DSMTP Remote Format String Vulnerability

The SMTP server (dsmtp.exe) shipped with DMail is reportedly prone to a remote format string vulnerability.

Specifically, this issue arises when the application handles malicious data passed through various administrative commands.

A successful attack may crash the server or lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the server.

It should be noted that exploitation of this vulnerability requires the attacker to have the DMail administrative password.
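
The class of bug described above, as an added example that is not from the advisory or from DMail's code. The function names, the `250 OK` reply text and the sample input are assumptions: a hypothetical reply builder shows untrusted command text used as the format string (compiled only with `-DSHOW_UNSAFE`), next to the constant-format fix and a check that flags conversion directives in input.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical admin-command reply builder; illustrative only, not DMail's code. */

#ifdef SHOW_UNSAFE
/* Unsafe pattern: the untrusted argument IS the format string, so any
   conversion directives it contains are interpreted by snprintf. */
static int reply_unsafe(char *out, size_t n, const char *arg) {
    return snprintf(out, n, arg);
}
#endif

/* Hardened: the format string is a constant and the untrusted text is
   passed only as data, so directives in it are copied literally. */
static int reply_safe(char *out, size_t n, const char *arg) {
    return snprintf(out, n, "250 OK %s\r\n", arg);
}

/* Defensive check for logging or input validation: count '%' conversion
   directives in untrusted input, treating "%%" as a literal percent. */
static int count_directives(const char *s) {
    int count = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        if (s[i] != '%') continue;
        if (s[i + 1] == '%') { i++; continue; }  /* escaped percent sign */
        if (s[i + 1] != '\0') count++;           /* '%' followed by a directive */
    }
    return count;
}

int main(void) {
    const char *arg = "list%x%x%s";  /* constructed sample input */
    char buf[128];
    reply_safe(buf, sizeof buf, arg);
    printf("directives=%d reply=%s", count_directives(arg), buf);
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn on the non-literal format call in `reply_unsafe`.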

Copyright 2010, SecurityFocus