MDaemon IMAP FETCH command buffer overflow
Added: 03/31/2008CVE: CVE-2008-1358
BID: 28245
OSVDB: 43111
Background
MDaemon is an e-mail server for Windows.Problem
A buffer overflow vulnerability in the IMAP service allows authenticated users to execute arbitrary commands by sending a FETCH command with a long BODY.Resolution
Upgrade to MDaemon 9.6.5.References
http://secunia.com/advisories/29382/Limitations
Exploit works on MDaemon 9.6.4 and requires the login and password of a valid IMAP user.Platforms
Windows 2000Windows Server 2003
Back to exploit index