MailEnable IMAP W3C Logging Buffer Overflow
Added: 12/03/2005
CVE: CVE-2005-3155
BID: 15006
OSVDB: 19842
Background
MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail.
Problem
MailEnable's IMAP service is affected by a buffer overflow condition in the handling of W3C logging. This could allow authenticated users to execute arbitrary commands.
Resolution
Upgrade to MailEnable Professional 1.7 or MailEnable Enterprise 1.1 with all needed hotfixes.
References
http://secunia.com/advisories/17010
Limitations
Exploit works on MailEnable Professional 1.6. A valid IMAP user name and password are required.
Platforms
Windows 2000 / Windows XP
Windows Server 2003