Vulnerability Note VU#819630
NJStar Communicator MiniSmtp packet processing buffer overflow vulnerability
NJStar Communicator MiniSmtp server contains a buffer overflow vulnerability when processing malicious packets.
According to the NJStar's website, "NJStar Communicator enables Chinese, Japanese and Korean (CJK) language input, display, print and conversions on your English or other western Windows." NJStar Communicator contains a MiniSmtp server which listens on tcp/25. This MiniSmtp server contains a vulnerability caused by a boundary error when processing malicious packets. Note this server is not enabled by default.
NJStar Communicator MiniSmtp version 3.0.11818 is reported to be affected. Other versions may also be affected. Exploit code has been released publicly.
An attacker with network access to the NJStar Communicator MiniSmtp server could access the system with administrative privileges and potentially compromise the underlying host.
We are currently unaware of a practical solution to this problem.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|NJStar Software Pty Ltd.||Affected||-||09 Nov 2011|
CVSS Metrics (Learn More)
This vulnerability was discovered by Dillon Beresford.
This document was written by Michael Orlando.
- CVE IDs: CVE-2011-4040
- Date Public: 31 Oct 2011
- Date First Published: 01 Nov 2011
- Date Last Updated: 09 Nov 2011
- Severity Metric: 20.85
- Document Revision: 10
If you have feedback, comments, or additional information about this vulnerability, please send us email.