CVE-2017-9046

Published: May 21, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://packetstormsecurity.com/files/142606/Pegasus-4.72-Build-572-Remote-Code-Execution.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2017-9046

Description

Affected Products

References