CVE-2007-4560

EPSS 87.09% · P99 Updated Feb 27, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-4560

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

ClamAV Popen Function 远程代码执行漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

ClamAV版本之前的版本0.91.2版本的clamav-milter,当在black hole mode中运行时,远程攻击者可以借助在某popen调用程序中的外壳元字符，且这些元字符涉及sendmail字段的获取"，以执行任意指令。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2007-4560

#	POC Description	Source Link	Shenlong Link
1	Exploit for CVE-2007-4560 (ClamAV Milter Sendmail 0.91.2 Remote Code Execution)	https://github.com/0x1sac/ClamAV-Milter-Sendmail-0.91.2-Remote-Code-Execution	POC Details
2	Python RCE exploit for Sendmail with ClamAV-Milter <0.91.2 (CVE-2007-4560). Remote root command injection via SMTP RCPT TO headers.	https://github.com/strikoder/sendmail-clamav-exploit-CVE-2007-4560	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2007-4560

请登录查看更多情报信息。

http://docs.info.apple.com/article.html?artnum=307562x_refsource_CONFIRM
http://www.nruns.com/security_advisory_clamav_remote_code_exection.phpx_refsource_MISC
http://secunia.com/advisories/26674third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/26683third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/26654third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/26822third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/25439vdb-entryx_refsource_BID
http://secunia.com/advisories/26916third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/29420third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/26751third-party-advisoryx_refsource_SECUNIA
http://www.securitytracker.com/id?1018610vdb-entryx_refsource_SECTRACK
http://www.debian.org/security/2007/dsa-1366vendor-advisoryx_refsource_DEBIAN
http://www.trustix.org/errata/2007/0026/vendor-advisoryx_refsource_TRUSTIX
http://www.vupen.com/english/advisories/2008/0924/referencesvdb-entryx_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-200709-14.xmlvendor-advisoryx_refsource_GENTOO
http://www.mandriva.com/security/advisories?name=MDKSA-2007:172vendor-advisoryx_refsource_MANDRIVA
http://www.novell.com/linux/security/advisories/2007_18_sr.htmlvendor-advisoryx_refsource_SUSE
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.htmlvendor-advisoryx_refsource_FEDORA
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.htmlvendor-advisoryx_refsource_APPLE
http://www.securityfocus.com/archive/1/477723/100/0/threadedmailing-listx_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2007-4560

Same Patch Batch · n/a · 2007-08-28 · 23 CVEs total

CVE-2007-4557		Novell GroupWise WebAccess 跨站脚本攻击漏洞
CVE-2007-4580		Trustware BufferZone 缓冲区溢出漏洞
CVE-2007-4578		Sophos Antivirus UPX文件解析拒绝服务漏洞
CVE-2007-4577		Sophos Antivirus BZIP文件解析拒绝服务漏洞
CVE-2007-3846		Subversion for Windows Remote 目录遍历漏洞
CVE-2007-4566		SIDVault Simple_Bind函数多个远程栈溢出漏洞
CVE-2007-4565		Fetchmail无效警告消息本地拒绝服务漏洞
CVE-2007-4564		Hitachi Cosminexus Application Server 多个授权访问漏洞
CVE-2007-4563		Hitachi Cosminexus Application Server 多个授权访问漏洞
CVE-2007-4562		Hitachi DABroker拒绝服务漏洞
CVE-2007-4561		Real Networks Helix服务器RTSP命令远程堆溢出漏洞
CVE-2007-4549		ALPass Import Site Information 缓冲区溢出漏洞
CVE-2007-4556		XWork AltSyntax功能OGNL命令注入漏洞
CVE-2007-4521		Asterisk畸形MIME体远程拒绝服务漏洞
CVE-2006-7222		Media Player Classic FLI文件处理远程缓冲区溢出漏洞
CVE-2007-4559		Python tarfile 模块路径遍历漏洞
CVE-2007-4555		Ipswitch WS_FTP 跨站脚本攻击漏洞
CVE-2007-4554		TikiWiki tiki-remind_password.php文件跨站脚本漏洞
CVE-2007-4553		Thomson ST SIP phone拒绝服务漏洞
CVE-2007-4552		RETIRED: Arcadem Index.PHP SQL注入漏洞

Showing top 20 of 23 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2007-4560

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2007-4560

I. Basic Information for CVE-2007-4560

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2007-4560

III. Intelligence Information for CVE-2007-4560

Same Patch Batch · n/a · 2007-08-28 · 23 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2007-4560

Leave a comment