Check Point Advisories

Preemptive Protection against MailEnable "APPEND" Buffer Overflow Vulnerability

Check Point Reference: CPAI-2007-036
Date Published: 29 Mar 2007
Severity: Medium
Last Updated: Tuesday 08 May, 2007
Source: FrSIRT/ADV-2007-0811
Industry Reference:CVE-2007-1301
Protection Provided by:
Who is Vulnerable? MailEnable Enterprise Edition version 2.37 and prior
MailEnable Professional Edition version 2.37 and prior
Vulnerability Description A buffer overflow vulnerability exists in MailEnable service. MailEnable is an email server suite for Microsoft Windows that supports various email access and exchange protocols, including the Internet Message Access Protocol (IMAP). IMAP is a standard protocol for accessing e-mail from a local server that provides management of received messages on a remote server. Several mail servers contain buffer overflow errors in the way they handle commands. A remote attacker can exploit this issue to trigger a buffer overflow which may lead to an application crash and to arbitrary code execution.
Update/Patch AvaliableApply patch:
MailEnable
Vulnerability DetailsThe vulnerability is due to a buffer overflow error when processing malformed IMAP commands. A remote attacker can exploit this flaw via a specially crafted 'APPEND' command with an overly long string in its parameter. Successful exploitation may allow an attacker to create a denial of service condition or execute arbitrary code on an affected system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK