MailEnable POP3 Server APOP Command Remote Buffer Overflow

Critical Nessus Plugin ID 21139


The remote POP3 server is affected by a buffer overflow flaw.


The remote host is running MailEnable, a commercial mail server for Windows.

The POP3 server bundled with the version of MailEnable on the remote host has a buffer overflow flaw involving the APOP command that can be exploited remotely by an unauthenticated attacker to crash the affected service and possibly to execute code remotely.


Apply the ME-10012 hotfix or upgrade to MailEnable Standard Edition 1.94 / Professional Edition 1.74 / Enterprise Edition 1.22 or later.

See Also

Plugin Details

Severity: Critical

ID: 21139

File Name: mailenable_pop_apop_overflow.nasl

Version: $Revision: 1.11 $

Type: remote

Agent: windows

Family: Windows

Published: 2006/03/23

Modified: 2013/01/25

Dependencies: 14773, 14772

Risk Information

Risk Factor: Critical


Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Vulnerability Publication Date: 2006/03/23

Reference Information

CVE: CVE-2006-1792

OSVDB: 30583