CVE-2004-0309

critical

Description

Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/14991

http://www.securityfocus.com/bid/9696

http://www.osvdb.org/3991

http://www.kb.cert.org/vuls/id/619982

http://www.ciac.org/ciac/bulletins/o-084.shtml

http://marc.info/?l=bugtraq&m=107722656827427&w=2

http://download.zonelabs.com/bin/free/securityAlert/8.html

Details

Source: Mitre, NVD

Published: 2004-11-23

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.08844