VID | 22395 |
Severity | 40 |
Port | 80, ... |
Protocol | TCP |
Class | WWW |
Detailed Description |
The MailEnable HTTPMail service contains a buffer overflow in its handling of the Authorization header. MailEnable is a POP3 and SMTP server for Microsoft Windows platforms. MailEnable Enterprise versions 1.04 and earlier and Professional versions 1.54 and earlier are affected; the flaw is in the HTTPMail service (MEHTTPS.exe). By sending a specially crafted HTTP Authorization header, a remote attacker could exploit this vulnerability to execute arbitrary code on the affected host.
* References: http://marc.theaimsgroup.com/?l=bugtraq&m=111445834220015&w=2
* Platforms Affected: MailEnable Pty. Ltd, MailEnable Enterprise Edition versions 1.04 and earlier; MailEnable Pty. Ltd, MailEnable Professional Edition versions 1.54 and earlier; Microsoft Windows Any version |
Recommendation |
Apply the HTTPMail Fix dated April 22, 2005 for MailEnable Professional and Enterprise, available from the MailEnable Hotfix Download Web page at http://www.mailenable.com/hotfix/ |
Related URL | CVE-2005-1348 (CVE) |
Related URL | 13350 (SecurityFocus) |
Related URL | 20610 (ISS) |
|