MailEnable Standard SMTP mailto: Request Format String

medium Nessus Plugin ID 17364


The remote SMTP server is afflicted by a format string vulnerability.


The remote host is running a version of MailEnable Standard Edition that suffers from a format string vulnerability in its handling of SMTP commands. Specifically, a remote attacker can crash the SMTP daemon by sending a command with a format specifier as an argument. Due to the nature of the flaw, it is likely that an attacker can also gain control of program execution and inject arbitrary code.


Apply the SMTP fix from 18th March 2005 located at

See Also

Plugin Details

Severity: Medium

ID: 17364

File Name: mailenable_smtp_cmd_format_strings.nasl

Version: 1.18

Type: remote

Published: 3/18/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 4.2


Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/17/2005

Reference Information

CVE: CVE-2005-0804

BID: 12833