CVE-2007-5740

{"id": "CVE-2007-5740", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-10-31T16:46:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-10/0889.html", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27458", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27520", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2007/dsa-1398", "source": "cve@mitre.org"}, {"url": "http://www.sec-consult.com/300.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/483034/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/26270", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018883", "source": "cve@mitre.org"}, {"url": "http://www.vergenet.net/linux/perdition/ChangeLog.shtml", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3677", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38184", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-10/0889.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27458", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/27520", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2007/dsa-1398", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.sec-consult.com/300.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/483034/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/26270", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1018883", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vergenet.net/linux/perdition/ChangeLog.shtml", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/3677", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38184", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism."}, {"lang": "es", "value": "El mecanismo de protecci\u00f3n de cadenas de formato en IMAPD para Perdition Mail Retrieval Proxy 1.17 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una etiqueta IMAP con un byte nulo seguido de un especificador de cadena de formato, el cual no es considerado por el mecanismo."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vergenet:perdition_mail_retrieval_proxy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "302C1211-38B0-4B88-A321-231DFB5D101D", "versionEndIncluding": "1.17"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}