MailEnable HTTPMail Authorization header buffer overflow

Added: 06/26/2006
CVE: CVE-2005-1348
BID: 13350
OSVDB: 15737


MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail.


MailEnable's HTTPMail service is affected by a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary commands by sending an HTTP request with a long, specially crafted Authorization header.


Upgrade to a version of MailEnable Enterprise higher than 1.04 or MailEnable Professional higher than 1.54, or install the HTTPMail fix.
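A defensive check for the condition described above, as an added example that is not part of the original advisory: it parses a raw HTTP request and flags an Authorization header whose value is unusually long or malformed, including one split across folded lines. The 512-byte limit, the scheme list and the sample requests are assumptions made for illustration; the advisory does not state the length at which the overflow occurs.

```python
import base64
import binascii

# Assumed policy limit (not from the advisory): longest Authorization value
# accepted before the request is flagged.
MAX_AUTH_VALUE_LEN = 512
KNOWN_SCHEMES = {b"basic", b"digest", b"ntlm", b"negotiate"}

# Constructed sample requests; host name and filler are placeholders.
NORMAL = (b"GET / HTTP/1.1\r\nHost: mail.example.test:8080\r\n"
          b"Authorization: Basic dXNlcjpwYXNz\r\n\r\n")
OVERSIZED = (b"GET / HTTP/1.1\r\nHost: mail.example.test:8080\r\n"
             b"Authorization: Basic " + b"x" * 2000 + b"\r\n\r\n")
FOLDED = (b"GET / HTTP/1.1\r\nHost: mail.example.test:8080\r\n"
          b"Authorization: Basic\r\n\t" + b"x" * 2000 + b"\r\n\r\n")


def authorization_values(raw_request):
    """Return every Authorization header value, with folded lines joined."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    headers, current = [], None
    for line in head.split(b"\r\n")[1:]:        # skip the request line
        if line[:1] in (b" ", b"\t") and current is not None:
            current[1] += b" " + line.strip()   # obsolete line folding
            continue
        name, sep, value = line.partition(b":")
        current = [name.strip().lower(), value.strip()] if sep else None
        if current:
            headers.append(current)
    return [value for name, value in headers if name == b"authorization"]


def inspect_request(raw_request):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for value in authorization_values(raw_request):
        scheme, _, credentials = value.partition(b" ")
        if len(value) > MAX_AUTH_VALUE_LEN:
            findings.append(f"oversized Authorization value ({len(value)} bytes)")
        if scheme.lower() not in KNOWN_SCHEMES:
            findings.append("unknown authentication scheme")
        elif scheme.lower() == b"basic":
            try:
                base64.b64decode(credentials.strip(), validate=True)
            except binascii.Error:
                findings.append("Basic credentials are not valid base64")
    return findings
```

Calling `inspect_request()` on each of the three sample requests shows that the folded variant is flagged the same way as the single-line one, which a per-line length check would miss.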



The exploit works on MailEnable Enterprise 1.04.


Windows 2000
Windows XP
Windows Server 2003
Windows Server 2003 SP1
