Al Mail32
CVE-2015-0879
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:N/I:N/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:N/I:N/A:P
Lifecycle Timeline
1DescriptionCVE.org
CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment.
AnalysisAI
CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.
Technical ContextAI
This vulnerability is classified under CWE-20. CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial of service (application crash) via a (1) CON, (2) AUX, or (3) NUL device name in the filename of an attachment. Affected products include: Almail Al-Mail32. Version information: before 1.13.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attackers to execute arbitrary code via a long filename of
Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files vi
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today