Vulnerability Description
Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcafee | Webshield Smtp | <= 4.5 |
References
- http://secunia.com/advisories/19491PatchVendor Advisory
- http://securityreason.com/securityalert/671
- http://securitytracker.com/id?1015861
- http://www.osvdb.org/24366
- http://www.securityfocus.com/archive/1/429812/100/0/threaded
- http://www.securityfocus.com/bid/16742Patch
- http://www.vupen.com/english/advisories/2006/1219
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25621
- http://secunia.com/advisories/19491PatchVendor Advisory
- http://securityreason.com/securityalert/671
- http://securitytracker.com/id?1015861
- http://www.osvdb.org/24366
- http://www.securityfocus.com/archive/1/429812/100/0/threaded
- http://www.securityfocus.com/bid/16742Patch
- http://www.vupen.com/english/advisories/2006/1219
FAQ
What is CVE-2006-0559?
CVE-2006-0559 is a vulnerability with a CVSS score of 10.0 (HIGH). Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination...
How severe is CVE-2006-0559?
CVE-2006-0559 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0559?
Check the references section above for vendor advisories and patch information. Affected products include: Mcafee Webshield Smtp.