PT-2007-3018 · Ipswitch · Ipswitch Imail Server

Published: 2007-03-23 · Updated: 2011-03-08 · CVE-2007-1637

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Ipswitch IMail Server versions prior to 2006.2
Description: The issue is related to multiple buffer overflows in the IMAILAPILib ActiveX control. This can be exploited by remote attackers to execute arbitrary code. The exploitation can occur through various members in different controls, including the WebConnect and Connect members in the IMailServer control, the Sync3 and Init3 members in the IMailLDAPService control, and the SetReplyTo member in the IMailUserCollection control.
Recommendations: For Ipswitch IMail Server versions prior to 2006.2, update to version 2006.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the IMailAPI.dll ActiveX control until a patch is applied. Avoid using the vulnerable members, such as WebConnect, Connect, Sync3, Init3, and SetReplyTo, in the affected controls until the issue is resolved.

Related identifiers

CVE-2007-1637

Affected products

Ipswitch Imail Server