CVE-2005-4456

Name of the Vulnerable Software and Affected Versions MailEnable Professional versions 1.71 and prior MailEnable Enterprise versions 1.1 and prior

Description The issue is related to multiple buffer overflows in MailEnable, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via long commands such as LIST, LSUB, and UID FETCH. These vulnerabilities can be exploited by an authenticated user to cause a DoS via malformed arguments or to cause a stack-based buffer overflow via an overly long argument.

Recommendations For MailEnable Professional versions 1.71 and prior, apply patch ME-10009 to resolve the issue. For MailEnable Enterprise versions 1.1 and prior, apply patch ME-10009 to resolve the issue. As a temporary workaround, consider restricting access to the IMAP service or disabling the UID FETCH, LIST, and LSUB commands until a patch is applied.