PT-2006-2346 · Mailenable · Mailenable Enterprise Edition+2

Published 2006-03-20 · Updated 2017-07-20 · CVE-2006-1337

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

MailEnable Standard Edition versions 1.92 and prior
MailEnable Professional Edition version 1.72 and prior
MailEnable Enterprise Edition version 1.2 and prior

Description

A buffer overflow issue exists in the POP3 service, allowing remote attackers to execute arbitrary code via unknown vectors before authentication. This is due to a boundary error in handling certain POP3 pre-authentication commands. Additionally, an error in the webmail component can lead to high CPU resource consumption when viewing malformed quoted-printable emails.

Recommendations

For MailEnable Standard Edition versions 1.92 and prior, update to version 1.93 or later.
For MailEnable Professional Edition version 1.72 and prior, update to version 1.73 or later.
For MailEnable Enterprise Edition version 1.2 and prior, update to version 1.21 or later.

Fix · RCE · Buffer Overflow

Related Identifiers

CVE-2006-1337

Affected Products

Mailenable Enterprise Edition
Mailenable Professional Edition
Mailenable Standard Edition