MailEnable < 1.8.1 mailto Remote Format String Overflow
Critical Nessus Network Monitor Plugin ID 2717
SynopsisThe remote host is vulnerable to a remote 'format string' flaw.
DescriptionThe remote host is running a version of MailEnable Professional which is reported to be prone to a remote format string vulnerability. Specifically, the application fails to properly parse the SMTP 'mailto:' request. An attacker exploiting this flaw would send a malformed query to the server which, upon being parsed, would either crash the remote host or possibly execute arbitrary commands on the remote host.
SolutionUpgrade to version 1.8.1 or higher.