MailEnable IMAP command buffer overflow

Added: 01/24/2006
CVE: CVE-2004-2501
BID: 11755
OSVDB: 12135

Background

MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services.

Problem

A buffer overflow in the IMAP service allows an unauthenticated attacker to execute commands by sending a very long command.

Resolution

Upgrade to the latest version of MailEnable with all needed hotfixes.

References

http://archives.neohapsis.com/archives/bugtraq/2004-11/0349.html

Limitations

Exploit works on MailEnable Professional 1.52.

Platforms

Windows

Back to exploit index