PT-2007-2392 · Mailenable · Mailenable Professional
Mu-B
·
Published
2007-02-15
·
Updated
2019-10-02
·
CVE-2007-0955
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions:
MailEnable Professional versions 2.35 and earlier
Description:
The issue allows remote attackers to cause a denial of service, resulting in an application crash. This is achieved by sending certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which leads to an out-of-bounds read.
Recommendations:
For MailEnable Professional versions 2.35 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mailenable Professional