CMailServer CMailCOM.dll MoveToFolder buffer overflow

Added: 08/27/2008
BID: 30098
OSVDB: 46750

Background

CMailServer is a mail and web mail server.

The CMailServer web interface includes the CMailCOM.dll component which provides several classes.

Problem

A buffer overflow vulnerability in the MoveToFolder method of the POP3 class in CMailCOM.dll allows a remote attacker to execute arbitrary commands by requesting the mvmail.asp script with specially crafted arguments.

Resolution

Upgrade to version 5.4.7, which will presumably contain a fix, or higher when available.

References

http://secunia.com/advisories/30940/

Limitations

Exploit works on CMailServer 5.4.6.

In order for this exploit to succeed on Windows XP, the account used for anonymous access must be the IIS guest account (IWAM_XXX).

Platforms

Windows 2000
Windows XP

Back to exploit index