CVE-2007-2795

Name of the Vulnerable Software and Affected Versions Ipswitch IMail versions prior to 2006.21

Description The issue is related to multiple buffer overflows that can be triggered by remote attackers or authenticated users, allowing them to execute arbitrary code. This can happen through the authentication feature in IMailsec.dll, which causes heap corruption in the IMail Server, or via a long SUBSCRIBE IMAP command that triggers a stack-based buffer overflow in the IMAP Daemon.

Recommendations For Ipswitch IMail versions prior to 2006.21, update to version 2006.21 or later to resolve the issue. As a temporary workaround, consider restricting access to the authentication feature in IMailsec.dll and limiting the length of SUBSCRIBE IMAP commands to minimize the risk of exploitation.