Ultrafunk Popcorn多个远程拒绝服务攻击漏洞

Ultrafunk Popcorn多个远程拒绝服务攻击漏洞

漏洞ID 1106845 漏洞类型 其他
发布时间 2002-07-11 更新时间 2005-10-20
图片[1]-Ultrafunk Popcorn多个远程拒绝服务攻击漏洞-安全小百科CVE编号 CVE-2002-1043
图片[2]-Ultrafunk Popcorn多个远程拒绝服务攻击漏洞-安全小百科CNNVD-ID CNNVD-200210-152
漏洞平台 Windows CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/21612
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200210-152
|漏洞详情
UltrafunkPopcorn是一款已经长久没有维护的EMAIL客户端,使用在MicrosoftWindows操作系统下。UltrafunkPopcorn在处理邮件时对数据缺少正确处理,导致远程攻击者可以利用这些漏洞进行拒绝服务攻击。UltrafunkPopcorn存在3个漏洞,可以导致远程攻击者对UltrafunkPopcorn进行拒绝服务攻击:1,如果攻击者发送包含tt字符的’Subject’字段的邮件,当UltrafunkPopcorn处理时,可导致程序崩溃。2,如果攻击者发送包含超过490个字节字符的’Subject’字段邮件,当UltrafunkPopcorn处理时,可导致程序崩溃。3,当邮件接收到时,对日期(date)字段的管理存在问题,当攻击者发送日期(date)字段中包含超过2037年的值,UltrafunkPopcorn处理时,可导致程序崩溃。
|漏洞EXP
source: http://www.securityfocus.com/bid/5212/info

Ultrafunk Popcorn email client is designed for Microsoft Windows systems and is no longer being maintained.

It has been reported that Popcorn email client will stop responding when attempting to open malformed messages.

Reportedly, a message containing an unusual amount of data or a malformed string of characters in the subject field will initiate a denial of service. This has also been known to occur when the date field of a mail message has the year specified higher than 2037. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/21612.tgz
|参考资料

来源:BID
名称:5212
链接:http://www.securityfocus.com/bid/5212
来源:XF
名称:popcorn-mail-dos(9547)
链接:http://www.iss.net/security_center/static/9547.php
来源:BUGTRAQ
名称:20020711Popcornvulnerabilities
链接:http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html

相关推荐: BitchX IRC客户端缓冲区溢出漏洞

BitchX IRC客户端缓冲区溢出漏洞 漏洞ID 1106114 漏洞类型 缓冲区溢出 发布时间 2000-12-04 更新时间 2005-05-02 CVE编号 CVE-2001-0050 CNNVD-ID CNNVD-200102-078 漏洞平台 Un…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享