PT-2003-1661 · Kerio · Kerio Mailserver

David F. Madrid · Published 2003-06-28 · Updated 2017-07-11 · CVE-2003-0487

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Kerio MailServer version 5.6.3
Description: The issue comprises multiple buffer overflows and cross-site scripting flaws in the web mail component. Remote authenticated users can cause a denial of service and possibly execute arbitrary code via long parameters in several modules: showuser in the do subscribe module, folder in the add acl and list modules, and user in the do map module. In addition, the add acl and do map modules are vulnerable to cross-site scripting; an attacker exploits this by enticing a victim user to follow a malicious link. The estimated number of potentially affected devices is not specified.
Recommendations: For Kerio MailServer version 5.6.3, consider disabling the do subscribe, add acl, list, and do map modules until a patch is available. Restrict access to the web mail component to reduce exposure to cross-site scripting. Avoid excessively long usernames and parameter values in the affected modules to reduce the risk of buffer overflows. At the moment there is no information about a newer version that contains a fix for this vulnerability.
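As an added example (not part of this advisory or of Kerio's software), the following check scans web-server log lines for the two request patterns the advisory describes: overlong values in the parameters named for the buffer overflows, and script markup in the parameters of the two modules named for cross-site scripting. It assumes the modules appear as the last path segment of the request (e.g. /do_subscribe) with parameters in the query string, a 256-byte length threshold, and a constructed common-log-format sample.

```python
# Added example: flag requests matching the advisory's overflow and XSS patterns.
# Assumptions (not from the advisory): module name is the last path segment,
# parameters are query-string keys, 256 bytes is the "overlong" threshold.
import re
from urllib.parse import urlsplit, parse_qs

# Module -> parameter names the advisory lists for the buffer overflows.
OVERFLOW_PARAMS = {
    "do_subscribe": {"showuser"},
    "add_acl": {"folder"},
    "list": {"folder"},
    "do_map": {"user"},
}
# Modules the advisory lists as vulnerable to cross-site scripting.
XSS_MODULES = {"add_acl", "do_map"}
MAX_LEN = 256  # assumed threshold; real usernames and folder names are far shorter
SCRIPT_RE = re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.IGNORECASE)
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def check_request(line):
    """Return (finding, module, param) tuples for one log line; [] if clean."""
    m = LOG_RE.match(line)
    if not m:
        return []
    url = urlsplit(m.group(2))
    module = url.path.rsplit("/", 1)[-1]
    params = parse_qs(url.query, keep_blank_values=True)  # values are URL-decoded
    findings = []
    for name, values in params.items():
        for value in values:
            if name in OVERFLOW_PARAMS.get(module, ()) and len(value) > MAX_LEN:
                findings.append(("overlong_param", module, name))
            if module in XSS_MODULES and SCRIPT_RE.search(value):
                findings.append(("script_markup", module, name))
    return findings

def scan(lines):
    """Map the index of each offending line to its findings; clean lines are omitted."""
    return {i: f for i, f in enumerate(check_request(l) for l in lines) if f}

# Constructed sample: one benign request, one overlong showuser, one script payload.
SAMPLE_LOG = [
    '10.0.0.5 - alice [28/Jun/2003:10:00:01 +0000] "GET /webmail/list?folder=INBOX HTTP/1.1" 200',
    '10.0.0.9 - bob [28/Jun/2003:10:00:07 +0000] "GET /webmail/do_subscribe?showuser='
    + "A" * 600 + ' HTTP/1.1" 500',
    '10.0.0.9 - bob [28/Jun/2003:10:00:12 +0000] "GET /webmail/add_acl?folder='
    '%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200',
]

if __name__ == "__main__":
    for idx, findings in scan(SAMPLE_LOG).items():
        print(idx, findings)
```

The length threshold and the module/parameter URL form are placeholders to be adjusted to the deployment's actual request format.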

Exploit


Related Identifiers

CVE-2003-0487

Affected Products

Kerio Mailserver