CVE-2007-1578

Name of the Vulnerable Software and Affected Versions Atrium MERCUR IMAPD version 5.00.14 with SP4

Description The issue is related to multiple integer signedness errors in the NTLM implementation, which can be exploited by remote attackers to execute arbitrary code. This is achieved by sending a long NTLMSSP argument that triggers a stack-based buffer overflow.

Recommendations For Atrium MERCUR IMAPD version 5.00.14 with SP4, consider disabling the NTLM implementation until a patch is available to prevent exploitation of the integer signedness errors. Restrict access to the NTLMSSP argument to minimize the risk of triggering a stack-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.