Vulnerability Name:

CVE-2007-2770 (CCN-34324)

Assigned:2007-05-15
Published:2007-05-15
Updated:2017-10-19
Summary:Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply.
Note: the user must click through a warning about a possible buffer overflow exploit to trigger this issue.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
8.4 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
4.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2007-2770

Source: OSVDB
Type: UNKNOWN
36198

Source: CCN
Type: SA25282
Eudora Multiple Buffer Overflow Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
25282

Source: CCN
Type: Eudora Web site
Eudora WorldMail Server by QUALCOMM

Source: CCN
Type: OSVDB ID: 36198
Eudora SMTP Server Reply Overflow

Source: XF
Type: UNKNOWN
eudora-smtp-server-bo(34324)

Source: XF
Type: UNKNOWN
eudora-smtp-server-bo(34324)

Source: EXPLOIT-DB
Type: UNKNOWN
3934

Vulnerable Configuration:Configuration 1:
  • cpe:/a:qualcomm:eudora:7.1:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:qualcomm:eudora:7.1.0.9:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    qualcomm eudora 7.1
    qualcomm eudora 7.1.0.9