CVE-2016-10074

Public Exploit

Description

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.

References

Link	Tags
https://www.exploit-db.com/exploits/42221/	exploit
https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html	exploit third party advisory technical description
http://www.securityfocus.com/bid/95140	vdb entry third party advisory
http://packetstormsecurity.com/files/140290/SwiftMailer-Remote-Code-Execution.html	third party advisory exploit
http://seclists.org/fulldisclosure/2016/Dec/86	mailing list exploit
https://www.exploit-db.com/exploits/40972/	third party advisory exploit
https://www.exploit-db.com/exploits/40986/	exploit
http://www.debian.org/security/2017/dsa-3769	vendor advisory
https://github.com/swiftmailer/swiftmailer/blob/5.x/CHANGES	patch vendor advisory

Frequently Asked Questions

What is the severity of CVE-2016-10074?: CVE-2016-10074 has been scored as a critical severity vulnerability.
How to fix CVE-2016-10074?: To fix CVE-2016-10074, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2016-10074 being actively exploited in the wild?: It is possible that CVE-2016-10074 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~75% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-77 – Improper Neutralization of Special Elements used in a Command ('Command Injection')

References

Frequently Asked Questions