This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Tencent Foxmail 7.2.9.115. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5543.
foxmail
Vendor: foxmail
Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 2
Total RCEs (Remote Access): 2
Total CVEs (Total Indexed): 2
Avg. EPSS (Exploit Prob.): 15.16%
Security Vulnerability Index
CVE-2018-11616
CVSS: 8.8
RCE
Severity: HIGH

CVE-2008-5839
CVSS: 9.3
RCE
Exploit Found
Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbitrary code via a long mailto URI in the HREF attribute of an A element.
Severity: HIGH

CVE-2004-2719
CVSS: 6.8
Exploit Found
Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers to execute arbitrary code via a mail message with a long From field, a different issue than CVE-2005-0339.
Severity: MEDIUM