Search for vulnerabilities
Vulnerability details: VCID-u8ja-8emy-aaan
Vulnerability ID VCID-u8ja-8emy-aaan
Aliases CVE-2007-1264
Summary Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.
Status Published
Exploitability 2.0
Weighted Severity 4.5
Risk 9.0
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.03208 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.03208 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.03208 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.03208 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.05700 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.05700 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.05700 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.05700 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.05700 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.05700 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.05700 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.05700 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.05700 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.05700 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.05700 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.05700 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09222 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.09775 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
epss 0.17176 https://api.first.org/data/v1/epss?cve=CVE-2007-1264
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2007-1264
Reference id Reference type URL
http://lists.gnupg.org/pipermail/gnupg-users/2007-March/030514.html
https://api.first.org/data/v1/epss?cve=CVE-2007-1264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1264
http://secunia.com/advisories/24416
http://securityreason.com/securityalert/2353
http://www.coresecurity.com/?action=item&id=1687
http://www.securityfocus.com/archive/1/461958/100/0/threaded
http://www.securityfocus.com/archive/1/461958/30/7710/threaded
http://www.securityfocus.com/bid/22758
http://www.securitytracker.com/id?1017727
http://www.vupen.com/english/advisories/2007/0835
415225 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415225
cpe:2.3:a:enigmail:enigmail:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:enigmail:enigmail:*:*:*:*:*:*:*:*
CVE-2007-1264 https://nvd.nist.gov/vuln/detail/CVE-2007-1264
CVE-2007-1264;OSVDB-33502 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/29690.py
CVE-2007-1264;OSVDB-33502 Exploit https://www.securityfocus.com/bid/22759/info
Data source Exploit-DB
Date added March 5, 2007
Description KMail 1.x - GnuPG Arbitrary Content Injection
Ransomware campaign use Known
Source publication date March 5, 2007
Exploit type remote
Platform linux
Source update date Nov. 19, 2013
Source URL https://www.securityfocus.com/bid/22759/info
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2007-1264
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.90992
EPSS Score 0.03208
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.