CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.6%
Added: 06/01/2006
CVE: CVE-2004-1520
BID: 11675
OSVDB: 11838
IMail is an e-mail server for Windows platforms.
A buffer overflow in the IMAP service could allow remote attackers to execute commands by sending a long, specially crafted **DELETE**
command. The attacker would need to know a valid e-mail login and password on the server in order to exploit this vulnerability.
Apply IMail Server 8.14 Hotfix 1.
<http://secunia.com/advisories/13200>
Exploit works on IMail 8.13. A valid e-mail login and password are required in order to exploit the vulnerability.
Windows 2000
Windows XP
Windows XP SP1