SAINT Corporation
SAINT:5CEDC335D46AA9BFB258C5B378400F5E
Jun 01, 2006 - 12:00 a.m.

IMail IMAP DELETE command buffer overflow

my.saintcorporation.com

CVSS2: 4.6
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.963
Percentile: 99.6%

Added: 06/01/2006
CVE: CVE-2004-1520
BID: 11675
OSVDB: 11838

Background

IMail is an e-mail server for Windows platforms.

Problem

A buffer overflow in the IMAP service could allow remote attackers to execute commands by sending a long, specially crafted **DELETE** command. The attacker would need to know a valid e-mail login and password on the server in order to exploit this vulnerability.
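
A defensive check for the condition described above, as an added example that is not part of the original advisory: it scans IMAP client command lines for DELETE commands whose mailbox argument is unusually long, whether sent as an atom, a quoted string or a literal. The 255-byte limit, the function names and the sample lines are assumptions; the advisory does not state a length.

```python
import re

# Assumed threshold: the advisory gives no length, so this limit is a tuning
# choice, not a value from the page.
MAX_MAILBOX_LEN = 255

# IMAP client line: tag SP command [SP arguments]
_CMD = re.compile(rb"^(\S+) +([A-Za-z]+)(?: +(.*))?$", re.S)
# Literal announcement, e.g. {4096} or the non-synchronizing form {4096+}
_LITERAL = re.compile(rb"^\{(\d+)\+?\}$")


def mailbox_arg_length(arg: bytes) -> int:
    """Number of bytes the server must buffer for a mailbox argument."""
    m = _LITERAL.match(arg)
    if m:  # literal: the size is announced here, the data follows later
        return int(m.group(1))
    if len(arg) >= 2 and arg.startswith(b'"') and arg.endswith(b'"'):
        return len(arg) - 2  # quoted string, without the quotes
    return len(arg)  # plain atom


def flag_long_delete(lines, limit=MAX_MAILBOX_LEN):
    """Return (line_number, tag, length) for each DELETE over the limit."""
    hits = []
    for n, raw in enumerate(lines, 1):
        m = _CMD.match(raw.rstrip(b"\r\n"))
        if not m or m.group(2).upper() != b"DELETE":
            continue  # IMAP command names are case-insensitive
        size = mailbox_arg_length(m.group(3) or b"")
        if size > limit:
            hits.append((n, m.group(1).decode("ascii", "replace"), size))
    return hits


# Constructed client-to-server lines for illustration (not captured traffic).
SAMPLE = [
    b"a001 LOGIN user@example.com ********\r\n",
    b"a002 DELETE Drafts/old\r\n",
    b'a003 delete "' + b"A" * 600 + b'"\r\n',
    b"a004 DELETE {4096}\r\n",
    b"a005 SELECT INBOX\r\n",
]

if __name__ == "__main__":
    for line_no, tag, size in flag_long_delete(SAMPLE):
        print(f"line {line_no} tag {tag}: DELETE mailbox argument of {size} bytes")
```
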

Resolution

Apply IMail Server 8.14 Hotfix 1.

References

<http://secunia.com/advisories/13200>

Limitations

Exploit works on IMail 8.13. A valid e-mail login and password are required in order to exploit the vulnerability.

Platforms

Windows 2000
Windows XP
Windows XP SP1
