CVE-2006-5177

Name of the Vulnerable Software and Affected Versions MailEnable Professional version 2.0 MailEnable Enterprise version 2.0

Description The issue concerns the NTLM authentication mechanism, which allows remote attackers to execute arbitrary code or cause a denial of service. This is achieved through crafted base64 encoded NTLM messages. Specifically, NTLM Type 3 messages can lead to arbitrary code execution, while NTLM Type 1 messages can cause a buffer over-read, resulting in a denial of service.

Recommendations For MailEnable Professional version 2.0, consider disabling NTLM authentication until a patch is available. For MailEnable Enterprise version 2.0, restrict access to NTLM authentication mechanisms to minimize the risk of exploitation.