Cmail · Cmailserver · CVE-2008-6922
Name of the Vulnerable Software and Affected Versions:
CMailServer version 5.4.6
Description:
The issue is caused by multiple stack-based buffer overflows in CMailCOM.dll, allowing remote attackers to execute arbitrary code via long arguments to various methods. These methods include `CreateUserPath`, `Logout`, `DeleteMailByUID`, `MoveToInbox`, `MoveToFolder`, `DeleteMailEx`, `GetMailDataEx`, `SetReplySign`, `SetForwardSign`, and `SetReadSign` in the POP3 Class ActiveX control, as well as `AddAttach`, `SetSubject`, `SetBcc`, `SetBody`, `SetCc`, `SetFrom`, `SetTo`, and `SetFromUID` in the SMTP Class ActiveX control. The `indexOfMail` parameter to mwmail.asp is also vulnerable.
Recommendations:
For CMailServer version 5.4.6, consider disabling the vulnerable methods in the POP3 Class ActiveX control and the SMTP Class ActiveX control until a patch is available. Restrict access to the CMailCOM.dll to minimize the risk of exploitation. Avoid using long arguments to the affected methods. At the moment, there is no information about a newer version that contains a fix for this vulnerability.