MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail.
A buffer overflow in the SELECT, CREATE, DELETE, RENAME, SUBSCRIBE, and UNSUBSCRIBE commands could allow an authenticated user to execute arbitrary commands using a long, specially crafted mailbox name.
Exploit works against MailEnable Professional 1.6. The vulnerable host must be able to connect back to a port on the attacking host. Exploit requires a valid IMAP user and password.