IMail IMAP DELETE command buffer overflow

Added: 06/01/2006
CVE: CVE-2004-1520
BID: 11675
OSVDB: 11838

Background

IMail is an e-mail server for Windows platforms.

Problem

A buffer overflow in the IMAP service could allow remote attackers to execute commands by sending a long, specially crafted DELETE command. The attacker would need to know a valid e-mail login and password on the server in order to exploit this vulnerability.

Resolution

Apply IMail Server 8.14 Hotfix 1.

References

http://secunia.com/advisories/13200

Limitations

Exploit works on IMail 8.13. A valid e-mail login and password are required in order to exploit the vulnerability.

Platforms

Windows 2000
Windows XP
Windows XP SP1

Back to exploit index