Vulnerability Details : CVE-2004-0309
Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument.
Vulnerability category: OverflowExecute code
Products affected by CVE-2004-0309
- cpe:2.3:a:zonelabs:zonealarm:4.5:*:pro:*:*:*:*:*
- cpe:2.3:a:zonelabs:zonealarm:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:zonelabs:zonealarm:4.0:*:plus:*:*:*:*:*
- cpe:2.3:a:zonelabs:zonealarm:4.0:*:pro:*:*:*:*:*
- cpe:2.3:a:zonelabs:integrity:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0309
10.66%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0309
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2004-0309
-
http://www.securityfocus.com/bid/9696
Vendor Advisory
-
http://marc.info/?l=bugtraq&m=107722656827427&w=2
-
http://www.ciac.org/ciac/bulletins/o-084.shtml
-
http://www.kb.cert.org/vuls/id/619982
Third Party Advisory;US Government Resource
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/14991
-
http://download.zonelabs.com/bin/free/securityAlert/8.html
Jump to