IMail IMAP STATUS buffer overflow

Added: 11/29/2005
CVE: CVE-2005-1256
BID: 13727
OSVDB: 16806


IMail is a mail server for Windows platforms. It includes SMTP, POP, IMAP, and LDAP services, and a web interface and web calendaring service.


A buffer overflow when processing long mailbox names specified in the STATUS command allows an authenticated user to execute arbitrary code.
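A defender-side check for the condition described above, as an added example (not from the advisory or from Ipswitch): it parses IMAP command lines, for instance from a proxy or protocol log, and flags STATUS commands whose mailbox argument is unusually long. The 255-byte limit, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed limit: the advisory gives no length, so this is a tunable
# placeholder set well above the size of ordinary mailbox names.
MAX_MAILBOX_LEN = 255

# IMAP command line: tag SP "STATUS" SP mailbox SP "(" items ")"
_STATUS = re.compile(rb'^(\S+) +STATUS +(.*)$', re.IGNORECASE | re.DOTALL)
_LITERAL = re.compile(rb'\{(\d+)\+?\}')  # literal size announcement, e.g. {4096}

def mailbox_length(arg: bytes) -> int:
    """Length of the mailbox argument at the start of `arg` (quoted, literal or atom)."""
    if arg.startswith(b'"'):
        i, n = 1, 0
        while i < len(arg) and arg[i:i + 1] != b'"':
            if arg[i:i + 1] == b'\\':  # escaped character counts once
                i += 1
            i += 1
            n += 1
        return n
    m = _LITERAL.match(arg)
    if m:
        # Only the announced size is on the command line; that is enough
        # to decide before the payload itself arrives.
        return int(m.group(1))
    return len(arg.split(b' ', 1)[0])  # atom: runs to the first space

def check_line(line: bytes):
    """Return (tag, length) for a STATUS command with an oversized mailbox, else None."""
    m = _STATUS.match(line.rstrip(b'\r\n'))
    if not m:
        return None
    length = mailbox_length(m.group(2).lstrip())
    if length > MAX_MAILBOX_LEN:
        return m.group(1).decode('ascii', 'replace'), length
    return None

def scan(lines):
    return [hit for hit in map(check_line, lines) if hit]

# Constructed sample command lines (not captured traffic).
SAMPLE = [
    b'a002 STATUS INBOX (MESSAGES UNSEEN)\r\n',
    b'a003 STATUS "' + b'A' * 600 + b'" (MESSAGES)\r\n',
    b'a004 status {4096}\r\n',
    b'a005 SELECT "' + b'B' * 600 + b'"\r\n',
]

if __name__ == '__main__':
    print(scan(SAMPLE))
```

Because the flaw requires an authenticated session, a hit can be correlated with the login that preceded it on the same connection.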


Upgrade to IMail 8.15 with Hotfix 2 or higher, IMail 8.2 with Hotfix 2 or higher, or Ipswitch Collaboration Suite 2.0 with Hotfix 2 or higher.



The exploit works on Ipswitch IMail Server 8.14 on Windows 2000 SP4 and Windows Server 2003 SP2 with KB956572. A valid IMAP login and password are required.


Windows 2000
Windows Server 2003
