CVE-2008-1277
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
6.8 Medium
AI Score
Confidence
High
0.233 Low
EPSS
Percentile
96.6%
The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allows remote attackers to cause a denial of service (crash) via (1) SEARCH and (2) APPEND commands without required arguments, which triggers a NULL pointer dereference.
Affected configurations
References
aluigi.altervista.org/adv/maildisable-adv.txt
secunia.com/advisories/29277
securityreason.com/securityalert/3724
www.securityfocus.com/archive/1/489270/100/0/threaded
www.securityfocus.com/bid/28145
www.securitytracker.com/id?1019565
www.vupen.com/english/advisories/2008/0799/references
exchange.xforce.ibmcloud.com/vulnerabilities/41059
Related
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
6.8 Medium
AI Score
Confidence
High
0.233 Low
EPSS
Percentile
96.6%