CVE-2008-1497 [Critical] | Memory Corruption in Surgemail

CVE-2008-1497 is rated High Exploit Risk (79.1/100): CVSS Critical severity, with high exploitation likelihood (EPSS 6.35%, 93th percentile). 3 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

EDB-ID	Source	Kind	Link
—	nvd_ref	exploit_tag	Exploit-DB ↗
—	nvd_ref	exploit_tag	Exploit-DB ↗
—	nvd_ref	exploit_tag	Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	10.69%	6.35%	-4.33%
2	2025-03-30	7.63%	10.69%	+3.05%
3	2025-03-29	—	7.63%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

10.69%

6.35%

-4.33%

2025-03-30

7.63%

10.69%

+3.05%

2025-03-29

—

7.63%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
9.0	2.0	HIGH	`AV:N/AC:L/Au:S/C:C/I:C/A:C` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:S) A single authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	8.0	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

9.0

2.0

HIGH

AV:N/AC:L/Au:S/C:C/I:C/A:C Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (AU:S): A single authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

8.0

10.0

[email protected]

Affected software / configurations for CVE-2008-1497

Vendor	Product	Version	Raw CPE
netwin	surgemail	1.8g3	cpe:2.3:a:netwin:surgemail:1.8g3:::::::*
netwin	surgemail	1.9b2	cpe:2.3:a:netwin:surgemail:1.9b2:::::::*
netwin	surgemail	2.0a2	cpe:2.3:a:netwin:surgemail:2.0a2:::::::*
netwin	surgemail	2.0c	cpe:2.3:a:netwin:surgemail:2.0c:::::::*
netwin	surgemail	2.0e	cpe:2.3:a:netwin:surgemail:2.0e:::::::*
netwin	surgemail	2.0g2	cpe:2.3:a:netwin:surgemail:2.0g2:::::::*
netwin	surgemail	2.1c7	cpe:2.3:a:netwin:surgemail:2.1c7:::::::*
netwin	surgemail	2.2a6	cpe:2.3:a:netwin:surgemail:2.2a6:::::::*
netwin	surgemail	2.2c10	cpe:2.3:a:netwin:surgemail:2.2c10:::::::*
netwin	surgemail	2.2g2	cpe:2.3:a:netwin:surgemail:2.2g2:::::::*
netwin	surgemail	2.2g3	cpe:2.3:a:netwin:surgemail:2.2g3:::::::*
netwin	surgemail	3.0a	cpe:2.3:a:netwin:surgemail:3.0a:::::::*
netwin	surgemail	3.0c2	cpe:2.3:a:netwin:surgemail:3.0c2:::::::*
netwin	surgemail	3.2e	cpe:2.3:a:netwin:surgemail:3.2e:::::::*
netwin	surgemail	3.5a	cpe:2.3:a:netwin:surgemail:3.5a:::::::*
netwin	surgemail	3.5b3	cpe:2.3:a:netwin:surgemail:3.5b3:::::::*
netwin	surgemail	3.6d	cpe:2.3:a:netwin:surgemail:3.6d:::::::*
netwin	surgemail	3.6f3	cpe:2.3:a:netwin:surgemail:3.6f3:::::::*
netwin	surgemail	3.6f5	cpe:2.3:a:netwin:surgemail:3.6f5:::::::*
netwin	surgemail	3.6f7	cpe:2.3:a:netwin:surgemail:3.6f7:::::::*
netwin	surgemail	3.7b	cpe:2.3:a:netwin:surgemail:3.7b:::::::*
netwin	surgemail	3.7b3	cpe:2.3:a:netwin:surgemail:3.7b3:::::::*
netwin	surgemail	3.7b5	cpe:2.3:a:netwin:surgemail:3.7b5:::::::*
netwin	surgemail	3.7b6	cpe:2.3:a:netwin:surgemail:3.7b6:::::::*
netwin	surgemail	3.7b7	cpe:2.3:a:netwin:surgemail:3.7b7:::::::*
netwin	surgemail	3.7b8	cpe:2.3:a:netwin:surgemail:3.7b8:::::::*
netwin	surgemail	3.8a	cpe:2.3:a:netwin:surgemail:3.8a:::::::*
netwin	surgemail	3.8b	cpe:2.3:a:netwin:surgemail:3.8b:::::::*
netwin	surgemail	3.8d	cpe:2.3:a:netwin:surgemail:3.8d:::::::*
netwin	surgemail	3.8f	cpe:2.3:a:netwin:surgemail:3.8f:::::::*
netwin	surgemail	3.8f2	cpe:2.3:a:netwin:surgemail:3.8f2:::::::*
netwin	surgemail	3.8f3	cpe:2.3:a:netwin:surgemail:3.8f3:::::::*
netwin	surgemail	3.8i	cpe:2.3:a:netwin:surgemail:3.8i:::::::*
netwin	surgemail	3.8i2	cpe:2.3:a:netwin:surgemail:3.8i2:::::::*
netwin	surgemail	3.8i3	cpe:2.3:a:netwin:surgemail:3.8i3:::::::*
netwin	surgemail	3.8k	cpe:2.3:a:netwin:surgemail:3.8k:::::::*
netwin	surgemail	3.8k2	cpe:2.3:a:netwin:surgemail:3.8k2:::::::*
netwin	surgemail	3.8k3	cpe:2.3:a:netwin:surgemail:3.8k3:::::::*
netwin	surgemail	3.8m	cpe:2.3:a:netwin:surgemail:3.8m:::::::*

References for CVE-2008-1497

URL	Tags
http://secunia.com/advisories/29105	Vendor Advisory
http://securityreason.com/securityalert/3774	Exploit
http://www.infigo.hr/en/in_focus/advisories/INFIGO-2008-03-07	Exploit
http://www.netwinsite.com/surgemail/help/updates.htm	Vendor Advisory
http://www.securityfocus.com/archive/1/489959/100/0/threaded
http://www.securityfocus.com/bid/28377	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/41402

URL

CVE-2008-1497

Public exploit references (Exploit-DB) for CVE-2008-1497

Exploit prediction scoring system (EPSS) score for CVE-2008-1497

Common vulnerability scoring system (CVSS) metrics for CVE-2008-1497

Weakness enumeration for CVE-2008-1497

Affected software / configurations for CVE-2008-1497

References for CVE-2008-1497