Hexamail Server pop3 Service USER Command Remote Overflow (credentialed check)

This script is Copyright (C) 2007-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a program that is affected by a buffer
overflow vulnerability.

Description :

According to its version, the installation of Hexamail on the remote
host is affected by a buffer overflow in its POP3 service component
that can be exploited by an unauthenticated, remote attacker to crash
the service or to execute arbitrary code on the affected host with
LOCAL SYSTEM privileges.

See also :

http://www.nessus.org/u?31225944

Solution :

Upgrade to Hexamail version 3.0.1.004 or later, as that reportedly
resolves the issue.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.0
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 26016 (hexamail_pop3_overflow_creds.nasl)

Bugtraq ID: 25496

CVE ID: CVE-2007-4646
