Ipswitch IMail Client < 2006.23 Multipart MIME Email Overflow
Medium Nessus Network Monitor Plugin ID 4268
SynopsisThe remote Windows host contains a program that is prone to a buffer overflow attack.
DescriptionIMail Client, a tool for administering Ipswitch IMail Server, is installed on the remote Windows host. The version of IMail Client on the remote host contains a boundary error that can be triggered by a long 'boundary' parameter in when processing emails with multipart MIME data. If an attacker can trick the Ipswitch Mail Server administrator to open a specially-crafted email using the affected application, he can leverage this issue to execute arbitrary code subject to the user's privileges.
SolutionUpgrade to version 2006.23 or higher.