Main
Vulnerability Database
Exploits
ID:1405 - Exploit for Heap-based buffer overflow in Exim - CVE-2010-4344
ID:1405 - Exploit for Heap-based buffer overflow in Exim - CVE-2010-4344
Published: March 18, 2020
Vulnerability identifier: #VU12128
Vulnerability risk: High
CVE-ID: CVE-2010-4344
CWE-ID: CWE-122
Exploitation vector: Remote access
Vulnerable software:
Exim
Exim
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists in the string_vformat function in string.c due to heap-based buffer overflow. A remote attacker can trigger memory corruption and execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing specially crafted headers, leading to improper rejection logging.
The weakness exists in the string_vformat function in string.c due to heap-based buffer overflow. A remote attacker can trigger memory corruption and execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing specially crafted headers, leading to improper rejection logging.
Remediation
Update to version 4.70.