PT-2007-5034 · Marshalsec · Mailmarshal Smtp

Published 2007-07-17 · Updated 2024-02-14 · CVE-2007-3796

CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: MailMarshal SMTP versions 6.2.0.x through 6.2.0.x
Description: The password reset feature of the Spam Quarantine HTTP interface allows remote attackers to modify arbitrary account information. The UserId parameter is submitted with a large amount of trailing whitespace followed by an attacker-chosen value; because the length limits applied to the input and to the database column are inconsistent, the value is truncated on the SQL side (SQL column truncation), so the identifier that was checked is not the identifier that is stored.
Recommendations: For MailMarshal SMTP 6.2.0.x, update to version 6.2.1 or later. As a temporary workaround, restrict access to the password reset feature of the Spam Quarantine HTTP interface until the update is applied.
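The following Python is an added illustration and is not code from the advisory or from the MailMarshal product. It models the failure mode described above (a column that silently truncates over-long strings and compares with trailing spaces ignored, as legacy SQL Server / ANSI-padding semantics do) and the server-side identifier check that prevents two different inputs from landing on the same stored row. The column width of 16 and the identifier names are constructed for the example.

```python
# Added example (not from the advisory or the vendor): simulates SQL column
# truncation and the input validation that closes the gap.

COLUMN_WIDTH = 16  # hypothetical VARCHAR width of the user-id column


def store_truncating(value: str, width: int = COLUMN_WIDTH) -> str:
    """Models a legacy column that silently drops characters past `width`."""
    return value[:width]


def db_equal(a: str, b: str) -> bool:
    """Models trailing-space-insensitive comparison of CHAR/VARCHAR values
    (SQL Server / ANSI padding): 'alice' and 'alice   ' compare equal."""
    return a.rstrip(" ") == b.rstrip(" ")


def naive_lookup_key(user_id: str) -> str:
    """Vulnerable pattern: the application checks the full input, but the
    database keeps only the truncated prefix, so the checked value and the
    stored value can differ."""
    return store_truncating(user_id)


def collides(a: str, b: str) -> bool:
    """True when two distinct inputs map to the same stored key under the
    naive pattern, i.e. the truncation failure mode from the advisory."""
    return a != b and db_equal(naive_lookup_key(a), naive_lookup_key(b))


class IdentifierError(ValueError):
    pass


def validate_user_id(user_id: str, width: int = COLUMN_WIDTH) -> str:
    """Hardened pattern: accept only identifiers the column can store verbatim,
    so the value that is validated is exactly the value that is written."""
    if not user_id:
        raise IdentifierError("empty identifier")
    if user_id != user_id.strip():
        raise IdentifierError("leading/trailing whitespace not allowed")
    if any(ch.isspace() for ch in user_id):
        raise IdentifierError("embedded whitespace not allowed")
    if len(user_id) > width:
        raise IdentifierError(f"identifier longer than column width {width}")
    # Post-condition: storage cannot change the accepted value.
    assert store_truncating(user_id, width) == user_id
    return user_id


if __name__ == "__main__":
    # Constructed inputs: a legitimate id and an over-long, space-padded one.
    legit = "alice"
    padded = "alice" + " " * 20 + "x"
    print("naive pattern collides:", collides(legit, padded))
    try:
        validate_user_id(padded)
    except IdentifierError as exc:
        print("hardened pattern rejects:", exc)
```

The important property is the post-condition in `validate_user_id`: whatever the database's truncation or padding rules, an identifier that passes validation is stored unchanged, so an ownership check performed on the input is also a check on the row that will be updated.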

Fix

Related Identifiers

CVE-2007-3796

Affected Products

Mailmarshal Smtp