| Vulnerability Name: | CVE-2004-0309 (CCN-14991) | ||||||||
| Assigned: | 2004-02-18 | ||||||||
| Published: | 2004-02-18 | ||||||||
| Updated: | 2017-10-10 | ||||||||
| Summary: | Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2004-0309 Source: CCN Type: Zone Labs Security Advisory February 18, 2004 Zone Labs SMTP Processing Vulnerability Source: CONFIRM Type: UNKNOWN http://download.zonelabs.com/bin/free/securityAlert/8.html Source: BUGTRAQ Type: UNKNOWN 20040219 EEYE: ZoneLabs SMTP Processing Buffer Overflow Source: CCN Type: CIAC Information Bulletin O-084 Zone Labs SMTP Processing Vulnerability Source: CIAC Type: UNKNOWN O-084 Source: CCN Type: US-CERT VU#619982 Zone Labs desktop security products fail to properly validate RCPT TO command argument Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#619982 Source: OSVDB Type: UNKNOWN 3991 Source: CCN Type: OSVDB ID: 3991 ZoneAlarm SMTP Service (vsmon.exe) RCPT TO Command Remote Overflow Source: BID Type: Vendor Advisory 9696 Source: CCN Type: BID-9696 Zone Labs ZoneAlarm SMTP Remote Buffer Overflow Vulnerability Source: XF Type: UNKNOWN zonelabs-multiple-products-bo(14991) Source: XF Type: UNKNOWN zonelabs-multiple-products-bo(14991) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||