Zeta Components Mail CVE-2017-15806 Arbitrary Code Execution Vulnerability

Zeta Components Mail is prone to an arbitrary code execution vulnerability.

Successful exploits allow attackers to execute arbitrary code in the context of the host operating system. Failed exploit attempts will result in a denial of service condition.

Zeta Components Mail prior to 1.8.2 are vulnerable.


Bugtraq ID: 101866
Class: Input Validation Error
CVE: CVE-2017-15806

Remote: Yes
Local: Yes
Published: Nov 15 2017 12:00AM
Updated: Nov 16 2017 03:07PM
Credit: Kay.
Vulnerable: Zeta Components Mail 1.8

Not Vulnerable: Zeta Components Mail 1.8.2


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.

Related Posts