WebView WebMail-Client Buffer Overflow Vulnerability

vendor:

WebView WebMail-Client

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: WebView WebMail-Client

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2001

WebView WebMail-Client Buffer Overflow Vulnerability

WebView WebMail-Client is an add-on for the Mercur SMTP/POP3/IMAP4 Mail Server which allows a user to access email through a web browser. Insufficient boundary checking exists in the code which handles GET requests, specifically on port 1080. Issuing a GET request containing a string of over 1000 characters on port 1080 will cause the WebView WebMail-Client application to crash.

Mitigation:

Ensure that boundary checks are performed on all user-supplied input.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1056/info

WebView WebMail-Client is an add-on for the Mercur SMTP/POP3/IMAP4 Mail Server which allows a user to access email through a web browser.

Insufficient boundary checking exists in the code which handles GET requests, specifically on port 1080. Issuing a GET request containing a string of over 1000 characters on port 1080 will cause the WebView WebMail-Client application to crash.

eg.
http: //target/&mail_user=<string containing over 1000 characters>

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19810-1.exe

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19810-2.zip