EasyMail Objects IMAP4 Component Connect Method Remote Overflow

High Nessus Plugin ID 24355


A COM object on the remote Windows host is affected by a buffer overflow vulnerability.


EasyMail Objects, a set of COM objects for supporting email protocols, is installed on the remote Windows host.

The IMAP4 component of the version of the DjVu Browser Plug-in installed on the remote host reportedly is affected by a stack buffer overflow in the 'Connect' method that can be triggered with a 500+ character hostname. An attacker may be able to leverage this issue to execute arbitrary code on the remote host subject to the user's privileges.


Install the latest version of EasyMail Objects 6.5 or later as that is rumoured to fix the issue.

See Also



Plugin Details

Severity: High

ID: 24355

File Name: easymail_objects_imap_connect_overflow.nasl

Version: $Revision: 1.13 $

Type: local

Agent: windows

Family: Windows

Published: 2007/02/16

Modified: 2015/01/12

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 7.6

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2007/02/15

Reference Information

CVE: CVE-2007-1029

BID: 22583

OSVDB: 33208