MailEnable SMTP AUTH LOGIN buffer overflow

Added: 06/30/2006
CVE: CVE-2005-1781
BID: 13772
OSVDB: 16851

Background

MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services.

Problem

The SMTP service in MailEnable is affected by a buffer overflow vulnerability which could allow a remote unauthenticated attacker to execute arbitrary commands by sending a specially crafted AUTH LOGIN command.

Resolution

Apply the hotfix.

References

http://secunia.com/advisories/15487

Limitations

Exploit works on MailEnable Enterprise Edition 1.04 on Windows 2000 SP4, Windows XP SP2, and Windows Server 2003 SP0.

Platforms

Windows 2000
Windows XP
Windows Server 2003

Back to exploit index