MailEnable 1.1 Enterprise Remote Code Execution
Author: Mati Aharoni
Date: 1 May 2005
-[ Product: MailEnable 1.1 Enterprise
-[ Version: 1.1
-[ OS: Windows
-[ Vendor: http://www.mailenable.com
Summary
The MailEnable IMAP server is vulnerable to a buffer overflow condition in the EXAMINE command, which can lead to remote code execution.
Problem
A remote buffer overflow exists in the MailEnable Enterprise 1.1 IMAP EXAMINE command, which allows post-authentication code execution. This vulnerability affects MailEnable Enterprise 1.1 *without* the ME-10009.EXE patch. For proof of concept see:
http://www.milw0rm.com/exploits/1378
Patches
Vendor was notified and a patch was released.
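
For servers that cannot be patched immediately, one way to flag over-long EXAMINE mailbox arguments in captured client-to-server IMAP command lines. This is an added example, not part of the original advisory or of MailEnable's code; the 255-byte threshold, the function names and the sample lines are assumptions, since the advisory does not state the overflow length.

```python
import re

# Assumed policy limit, not from the advisory: the page gives no overflow
# length, so pick a ceiling above any mailbox name your users really have.
MAX_MAILBOX_LEN = 255

# tag SP "EXAMINE" SP mailbox, where mailbox is an IMAP astring (RFC 3501).
EXAMINE_RE = re.compile(rb"^(\S+) +EXAMINE +(.*?)\r?\n?$", re.I | re.S)
LITERAL_RE = re.compile(rb"^\{(\d+)\+?\}$")

def mailbox_length(arg: bytes) -> int:
    """Length of the mailbox name the server will have to buffer."""
    lit = LITERAL_RE.match(arg)
    if lit:                       # literal: size is announced up front
        return int(lit.group(1))
    if len(arg) >= 2 and arg.startswith(b'"') and arg.endswith(b'"'):
        # quoted string: drop the quotes and backslash escapes
        return len(re.sub(rb"\\(.)", rb"\1", arg[1:-1]))
    return len(arg)               # bare atom

def check_line(line: bytes):
    """Return (tag, length) if line is an oversized EXAMINE, else None."""
    m = EXAMINE_RE.match(line)
    if not m:
        return None
    n = mailbox_length(m.group(2))
    return (m.group(1).decode("latin-1"), n) if n > MAX_MAILBOX_LEN else None

def scan(lines):
    """Collect alerts from an iterable of client-to-server command lines."""
    return [hit for hit in map(check_line, lines) if hit]

# Constructed sample traffic (not captured from a real server).
SAMPLE = [
    b"a001 LOGIN user pass\r\n",
    b"a002 EXAMINE INBOX\r\n",
    b'a003 examine "Sent Items"\r\n',
    b"a004 EXAMINE " + b"A" * 1000 + b"\r\n",
    b"a005 EXAMINE {4096}\r\n",
    b'a006 EXAMINE "' + b"B" * 300 + b'"\r\n',
]

if __name__ == "__main__":
    for tag, n in scan(SAMPLE):
        print(f"ALERT tag={tag} EXAMINE mailbox length {n} > {MAX_MAILBOX_LEN}")
```

Because the issue is post-authentication, correlating an alert's session with the preceding LOGIN identifies the account that sent the command.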