MDaemon WorldClient form2raw.cgi From buffer overflow

Added: 09/18/2006
CVE: CVE-2003-1200
BID: 9317
OSVDB: 3255

Background

MDaemon is an e-mail server product for Windows. It includes a web mail component called WorldClient.

Problem

A buffer overflow in MDaemon WorldClient allows remote command execution by sending a web request for the form2raw.cgi program containing a long From parameter.

Resolution

Upgrade to MDaemon 6.8.6 or higher, or delete the following two lines from \MDaemon\WorldClient\WorldClient.ini and restart WorldClient:

CgiBase2=/Form2Raw.cgi 
CgiFile2=C:\MDaemon\CGI\Form2Raw.exe 

References

http://archives.neohapsis.com/archives/bugtraq/2003-12/0331.html

Limitations

Exploit works on MDaemon 6.8.5 on Windows 2000 SP4. Due to the nature of the vulnerability, there may be a delay before the exploit succeeds. Windows needs to be restarted before re-running the exploit.

Platforms

Windows 2000

Back to exploit index