CVE-2017-9046

winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:pmail:pegasus:4.72:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-05-21 14:29

Updated : 2024-02-04 19:11


NVD link : CVE-2017-9046

Mitre link : CVE-2017-9046

CVE.ORG link : CVE-2017-9046


JSON object : View

Products Affected

pmail

  • pegasus
CWE
CWE-20

Improper Input Validation