Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in the page parameter.
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Surgemail | Netwin | * | 38k4 (including) |
Surgemail | Netwin | 1.8a (including) | 1.8a (including) |
Surgemail | Netwin | 1.8b3 (including) | 1.8b3 (including) |
Surgemail | Netwin | 1.8d (including) | 1.8d (including) |
Surgemail | Netwin | 1.8e (including) | 1.8e (including) |
Surgemail | Netwin | 1.8g3 (including) | 1.8g3 (including) |
Surgemail | Netwin | 1.9 (including) | 1.9 (including) |
Surgemail | Netwin | 1.9b2 (including) | 1.9b2 (including) |
Surgemail | Netwin | 2.0a2 (including) | 2.0a2 (including) |
Surgemail | Netwin | 2.0c (including) | 2.0c (including) |
Surgemail | Netwin | 2.0e (including) | 2.0e (including) |
Surgemail | Netwin | 2.0g2 (including) | 2.0g2 (including) |
Surgemail | Netwin | 2.1a (including) | 2.1a (including) |
Surgemail | Netwin | 2.1c7 (including) | 2.1c7 (including) |
Surgemail | Netwin | 2.2a6 (including) | 2.2a6 (including) |
Surgemail | Netwin | 2.2c9 (including) | 2.2c9 (including) |
Surgemail | Netwin | 2.2c10 (including) | 2.2c10 (including) |
Surgemail | Netwin | 2.2g2 (including) | 2.2g2 (including) |
Surgemail | Netwin | 2.2g3 (including) | 2.2g3 (including) |
Surgemail | Netwin | 3.0a (including) | 3.0a (including) |
Surgemail | Netwin | 3.0c2 (including) | 3.0c2 (including) |
Surgemail | Netwin | 3.8f3 (including) | 3.8f3 (including) |
Surgemail | Netwin | 39a (including) | 39a (including) |
Surgemail | Netwin | beta_39a (including) | beta_39a (including) |
Webmail | Netwin | * | 3.1s (including) |
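
The weakness described above (an externally supplied value such as the page parameter reaching a printf-style function as the format string), contrasted with its standard fix, as an added example that is not NetWin's code. The function names `render_page_name` and `count_format_specifiers` are hypothetical, and the sample parameter values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern (CWE-134), shown for contrast only and left uncompiled:
 *     snprintf(out, outlen, page);    request data used as the format string
 */

/* Hardened form: request data is only ever an argument to a constant format.
 * render_page_name is a hypothetical handler. Returns 0, or -1 on truncation. */
int render_page_name(char *out, size_t outlen, const char *page)
{
    int n = snprintf(out, outlen, "page=%s", page);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;
}

static const char *skip_set(const char *p, const char *set)
{
    while (*p && strchr(set, *p))
        p++;
    return p;
}

/* Logging/alerting aid (hypothetical): count printf conversion specifiers
 * in a parameter value. "%%" is a literal percent and is not counted. */
int count_format_specifiers(const char *s)
{
    int count = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        const char *q = p + 1;
        if (*q == '%') { p = q; continue; }
        q = skip_set(q, "0123456789$-+ #*.");   /* position, flags, width, precision */
        q = skip_set(q, "hlLqjzt");             /* length modifiers */
        if (*q && strchr("diouxXeEfFgGaAcspn", *q)) { count++; p = q; }
    }
    return count;
}

int main(void)
{
    const char *samples[] = { "inbox", "100%%", "%08x.%s", "%x%x%n" };  /* constructed */
    char out[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = render_page_name(out, sizeof out, samples[i]);
        printf("rc=%d specifiers=%d [%s]\n", rc, count_format_specifiers(samples[i]), out);
    }
    return 0;
}
```

The specifier count is a signal for request logging and alerting only; the fix is the constant format string, which makes the parameter's content irrelevant to how the output function behaves.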