CVE-2004-1013

Name of the Vulnerable Software and Affected Versions: Cyrus IMAP Server versions 2.2.x through 2.2.8

Description: The issue concerns the argument parser of the FETCH command in Cyrus IMAP Server, which allows remote authenticated users to execute arbitrary code. This can be achieved through specific commands, such as "body[p", "binary[p", or "binary[p", that cause an index increment error. This error leads to an out-of-bounds memory corruption, enabling the execution of arbitrary code.

Recommendations: For Cyrus IMAP Server versions 2.2.x through 2.2.8, consider disabling the FETCH command until a patch is available to prevent the execution of arbitrary code. Restrict access to the affected command to minimize the risk of exploitation.