Apache SpamAssassin PDFInfo Plug-In Remote Code Execution Vulnerability



A vulnerability in Apache SpamAssassin could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

The vulnerability is due to a remote code execution bug in the PDFInfo plug-in of the affected software. An attacker could exploit this vulnerability by sending a malicious email message to the targeted system. A successful exploit could allow the attacker to execute arbitrary code.

Apache has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2018-11780

Source:: Cisco Multivendor Vulnerability Alerts