MailEnable IMAP EXAMINE Command Remote Overflow
High Nessus Plugin ID 20322
Synopsis
It is possible to execute code on the remote IMAP server.
Description
The remote host is running a version of MailEnable's IMAP service that is prone to a buffer overflow attack when processing an EXAMINE command with a long mailbox name. Once authenticated, an attacker can exploit this flaw to execute arbitrary code subject to the privileges of the affected application. There are also reportedly similar issues with other IMAP commands.
Solution
Install Hotfix ME-10010 for MailEnable Professional 1.71 and earlier or MailEnable Enterprise Edition 1.1 and earlier.