{"vuid":"VU#875633","idnumber":"875633","name":"Symantec Mail Security for SMTP arbitrary code execution vulnerability","keywords":["Symantec SMS-SMTP","DoS","denial of service","8 bit","non-ASCII","character","inetinfo.exe"],"overview":"Symantec Mail Security for SMTP contains a vulnerability that may allow an attacker to execute arbitrary code, or create a denial of service condition.","clean_desc":"Symantec Mail Security for SMTP is an antispam, antivirus, and content filtering software package that scans email. Symantec Mail Security for SMTP contains a vulnerability that occurs when processing mail messages with malformed headers. An attacker may be able to exploit this vulnerability by sending a specially crafted email message through a vulnerable system.","impact":"A remote, unauthenticated attacker to execute arbitrary code, or create a denial of service condition.","resolution":"Upgrade\nSymantec has issued patch 175 to address this and other issues. See the 175 release notes for more details.","workarounds":"","sysaffected":"","thanks":"Thanks to Steve Arvanitis for reporting this vulnerability.","author":"This document was written by Ryan Giobbi.","public":["http://www.symantec.com/enterprise/products/overview.jsp?pcid=1008&pvid=845_1","ftp://ftp.symantec.com/public/english_us_canada/products/symantec_mail_security/5.0_smtp/updates/","ftp://ftp.symantec.com/public/english_us_canada/products/symantec_mail_security/5.0_smtp/updates/release_notes_p175.txt","http://secunia.com/advisories/24371/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-02-09T12:41:18Z","publicdate":"2007-02-09T00:00:00Z","datefirstpublished":"2007-03-01T19:32:37Z","dateupdated":"2007-03-02T19:23:27Z","revision":16,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"6","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"5","cam_impact":"4","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"2.1","cam_scorecurrentwidelyknown":"4.2","cam_scorecurrentwidelyknownexploited":"7.2","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":2.1,"vulnote":null}