MailEnable < 1.8.1 mailto Remote Format String Overflow

Critical Nessus Network Monitor Plugin ID 2717


The remote host is vulnerable to a remote 'format string' flaw.


The remote host is running a version of MailEnable Professional which is reported to be prone to a remote format string vulnerability. Specifically, the application fails to properly parse the SMTP 'mailto:' request. An attacker exploiting this flaw would send a malformed query to the server which, upon being parsed, would either crash the remote host or possibly execute arbitrary commands on the remote host.


Upgrade to version 1.8.1 or higher.

See Also

Plugin Details

Severity: Critical

ID: 2717

Family: SMTP Servers

Published: 2005/03/17

Modified: 2018/07/11

Dependencies: 2004, 2005

Nessus ID: 17974, 17364

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 9.8

Temporal Score: 9.1


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:mailenable:mailenable

Exploitable With


Reference Information

CVE: CVE-2005-0804, CVE-2005-1013, CVE-2005-1014, CVE-2005-1015

BID: 12833, 12994, 12995, 13040, 13772