IMail LDAP buffer overflow

Added: 07/06/2006
CVE: CVE-2004-0297
BID: 9682
OSVDB: 3984

Background

IMail is an e-mail server for Windows platforms. It includes a service which implements the Lightweight Directory Access Protocol (LDAP).

Problem

A buffer overflow in IMail's LDAP service allows a remote attacker to overwrite the Global Exception Handler by sending long, specially crafted tags, leading to command execution.

Resolution

Upgrade to the latest version of IMail or apply IMail 8.05 Hotfix 2.

References

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=74

Limitations

Exploit works on IMail 8.0.

Platforms

Windows

Back to exploit index