
MailEnable < 1.8.1 mailto Remote Format String Overflow

Critical

Synopsis

The remote host is vulnerable to a remote 'format string' flaw.

Description

The remote host is running a version of MailEnable Professional that is reported to be prone to a remote format string vulnerability. Specifically, the application fails to properly parse the SMTP 'mailto:' request. An attacker exploiting this flaw would send a malformed query to the server which, upon being parsed, would either crash the remote host or possibly execute arbitrary commands on it.

Solution

Upgrade to version 1.8.1 or higher.