PT-2006-7207 · Mailenable · Mailenable Standard+2

Carsten Eiram · Published 2006-12-19 · Updated 2018-10-17 · CVE-2006-6605

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

MailEnable Standard versions 1.98 and earlier
MailEnable Professional versions 1.84 and 2.35 and earlier
MailEnable Enterprise versions 1.41 and 2.35 and earlier

Description

The issue is caused by a boundary error in the POP service when handling arguments passed to the PASS command, leading to a stack-based buffer overflow. This can be exploited by passing an overly long, specially crafted string as an argument to the affected command, allowing execution of arbitrary code.

Recommendations

For MailEnable Standard versions 1.98 and earlier, update to a version later than 1.98.
For MailEnable Professional versions 1.84 and 2.35 and earlier, update to a version later than 2.35.
For MailEnable Enterprise versions 1.41 and 2.35 and earlier, update to a version later than 2.35.

As a temporary workaround, consider restricting access to the POP service until a patch is available. Avoid using the PASS command with long arguments in the affected MailEnable versions to minimize the risk of exploitation.

Fix


Related Identifiers

CVE-2006-6605

Affected Products

Mailenable Enterprise
Mailenable Professional
Mailenable Standard