CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.1%
NJStar Communicator MiniSmtp server contains a buffer overflow vulnerability when processing malicious packets.
According to the NJStar’s website, “NJStar Communicator enables Chinese, Japanese and Korean (CJK) language input, display, print and conversions on your English or other western Windows.” NJStar Communicator contains a MiniSmtp server which listens on tcp/25. This MiniSmtp server contains a vulnerability caused by a boundary error when processing malicious packets. Note this server is not enabled by default.
NJStar Communicator MiniSmtp version 3.0.11818 is reported to be affected. Other versions may also be affected. Exploit code has been released publicly.
An attacker with network access to the NJStar Communicator MiniSmtp server could access the system with administrative privileges and potentially compromise the underlying host.
We are currently unaware of a practical solution to this problem.
Restrict access
Restrict access to the NJStar Communicator MiniSmtp server to trusted users and networks.
819630
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: November 09, 2011
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
<http://www.njstar.com/cms/njstar-communicator>
This vulnerability was discovered by Dillon Beresford.
This document was written by Michael Orlando.
CVE IDs: | CVE-2011-4040 |
---|---|
Severity Metric: | 20.85 Date Public: |