Eudora WorldMail IMAPd UID Command Buffer Overflow Vulnerability

Added: 03/06/2014
BID: 65650
OSVDB: 104071

Background

Eudora WorldMail is an e-mail server for Windows.

Problem

Eudora WorldMail version 9.0.333.0 (and probably earlier) IMAPd service is vulnerable to buffer overflow as a result of improper validation of user-supplied input when handling UID commands.

Resolution

Contact the vendor to determine if an update is planned. The Eudora WorldMail page indicates that Qualcomm no longer sells Worldmail, but technical support is still available.

References

http://www.osvdb.org/show/osvdb/104071

Limitations

Expoit works on Eudora Qualcomm WorldMail 9.0.333.0 IMAPd Service running on Windows Server 2003 SP1.

Platforms

Windows

Back to exploit index