PT-2009-4013 · Icewarp · Icewarp Merak Mail Server
Nine:Situations:Group
Published: 2009-05-04 · Updated: 2017-09-29
CVE-2009-1516
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: IceWarp Merak Mail Server version 9.4.1
Description: The vulnerability is a stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control, implemented in the api.dll component of IceWarp Merak Mail Server. The overflow is triggered when a large value is passed as the second argument to the Base64FileEncode method. An attacker who can supply untrusted input to this method could potentially execute arbitrary code.
Recommendations: For IceWarp Merak Mail Server version 9.4.1, restrict access to the Base64FileEncode method until a patch is available. As a temporary workaround, do not pass untrusted input to the Base64FileEncode method, which minimizes the risk of exploitation. At the moment there is no information about a newer version that contains a fix for this vulnerability.
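The defect described above is the classic pattern of copying a caller-controlled argument into a fixed-size stack buffer without first checking its length. The following is an added illustration written for this page, not IceWarp's code: the real signature of Base64FileEncode and the buffer size in api.dll are not known, so base64_file_encode, its 64-byte buffer and the helper encodes_to are hypothetical. It shows the hardened form, which computes the encoded size before any write and rejects input that would not fit.

```c
#include <string.h>

/* Hypothetical stand-in for the control's Base64FileEncode(path, data);
 * the real signature and buffer size in api.dll are not known. */
#define OUT_BUF 64

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Encoded size of n input bytes, including the terminating NUL. */
static size_t b64_needed(size_t n) { return 4 * ((n + 2) / 3) + 1; }

/* Bounded base64 encoder: 0 on success, -1 if out cannot hold the result.
 * The vulnerable pattern omits the b64_needed() check and writes past out. */
int b64_encode(const unsigned char *in, size_t n, char *out, size_t cap)
{
    if (cap < b64_needed(n))
        return -1;
    size_t o = 0;
    for (size_t i = 0; i < n; i += 3) {
        unsigned v = (unsigned)in[i] << 16;
        if (i + 1 < n) v |= (unsigned)in[i + 1] << 8;
        if (i + 2 < n) v |= (unsigned)in[i + 2];
        out[o++] = B64[(v >> 18) & 63];
        out[o++] = B64[(v >> 12) & 63];
        out[o++] = (i + 1 < n) ? B64[(v >> 6) & 63] : '=';
        out[o++] = (i + 2 < n) ? B64[v & 63] : '=';
    }
    out[o] = '\0';
    return 0;
}

/* Hardened stand-in for the ActiveX method: the second argument is
 * caller-controlled, so its length is validated against the stack buffer
 * before any copy. Returns the encoded length, or -1 for oversize input. */
int base64_file_encode(const char *path, const char *data)
{
    char buf[OUT_BUF];              /* fixed-size stack buffer */
    (void)path;                     /* file handling omitted here */
    if (b64_encode((const unsigned char *)data, strlen(data), buf, sizeof buf) != 0)
        return -1;                  /* reject instead of overflowing */
    return (int)strlen(buf);
}

/* Self-check helper: does data encode to expect within the bounded buffer? */
int encodes_to(const char *data, const char *expect)
{
    char buf[OUT_BUF];
    return b64_encode((const unsigned char *)data, strlen(data), buf, sizeof buf) == 0
        && strcmp(buf, expect) == 0;
}
```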

Tags: Exploit, Buffer Overflow

Weakness Enumeration
Related Identifiers: CVE-2009-1516
Affected Products: Icewarp Merak Mail Server