VID 12064
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description
The MailEnable HTTPMail service is vulnerable to a GET buffer overflow.
MailEnable is a POP3 and SMTP server for Microsoft Windows platforms. The professional version of MailEnable includes an additional mail access service called HTTPMail. HTTPMail is a mail access protocol based on WebDAV that lets you access your mail on the server without downloading it (as is often the case with POP).
MailEnable Professional Edition versions 1.18 and earlier are vulnerable to a heap buffer overflow in the HTTPMail service, MEHTTPS.exe. An HTTP request exceeding 4045 bytes (8500 if logging is disabled, which is not the default setting) overflows a heap buffer, crashing the HTTPMail service and possibly allowing arbitrary code execution.
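
An added example (not part of the original advisory or of MailEnable): a defender-side check that splits a captured client-to-server byte stream into HTTP requests and flags any whose size exceeds the thresholds given above. It assumes the size that matters is the request line plus headers, which the advisory does not specify; the sample stream, host name and function names are constructed.

```python
import re

# Thresholds from the advisory: 4045 bytes with logging on (default),
# 8500 bytes with logging disabled.
LIMIT_LOGGING_ON = 4045
LIMIT_LOGGING_OFF = 8500

_CONTENT_LENGTH = re.compile(rb"^content-length:[ \t]*(\d+)[ \t]*\r?$", re.I | re.M)

def split_requests(stream: bytes):
    """Yield (head, body) for each request in a client-to-server byte stream."""
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:  # unterminated head: measure the remainder as one request
            yield stream[pos:], b""
            return
        head = stream[pos:end + 4]
        match = _CONTENT_LENGTH.search(head)
        body_len = int(match.group(1)) if match else 0
        yield head, stream[end + 4:end + 4 + body_len]
        pos = end + 4 + body_len  # skip the body so it is not parsed as a request

def flag_oversized(stream: bytes, logging_enabled: bool = True):
    """Return one finding per request whose head exceeds the advisory threshold.

    Assumption: the measured size is request line plus headers.
    """
    limit = LIMIT_LOGGING_ON if logging_enabled else LIMIT_LOGGING_OFF
    findings = []
    for index, (head, _body) in enumerate(split_requests(stream)):
        if len(head) > limit:
            method = head.split(b" ", 1)[0][:16].decode("ascii", "replace")
            findings.append({"index": index, "method": method, "head_bytes": len(head)})
    return findings

# Constructed sample traffic (not from the advisory).
NORMAL = (b"PROPFIND /inbox HTTP/1.1\r\nHost: mail.example.test\r\n"
          b"Content-Length: 5\r\n\r\nhello")
OVERSIZED = (b"GET /inbox HTTP/1.1\r\nHost: mail.example.test\r\n"
             b"X-Padding: " + b"a" * 5000 + b"\r\n\r\n")
SAMPLE_STREAM = NORMAL + OVERSIZED + NORMAL

if __name__ == "__main__":
    for finding in flag_oversized(SAMPLE_STREAM):
        print(finding)
```

Pass `logging_enabled=False` only when the server is known to run with logging disabled; the default matches the lower threshold.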

* References:
http://www.osvdb.org/displayvuln.php?osvdb_id=6037
http://secunia.com/advisories/11588/

* Platforms Affected:
MailEnable Pty. Ltd, MailEnable Professional Edition 1.18 and earlier
Microsoft Windows Any version
Recommendation
Upgrade to the latest version of MailEnable Professional (1.19 or later), available from the MailEnable Web site at http://mailenable.com/
Related URL CVE-2004-2727 (CVE)
Related URL 10312 (SecurityFocus)
Related URL 16114,16115 (ISS)