CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
95.9%
Added: 08/02/2007
CVE: CVE-2007-3927
BID: 24962
OSVDB: 36222
IMail is an e-mail server for Windows platforms.
A buffer overflow vulnerability in the IMAP service could allow an authenticated attacker to execute arbitrary commands by sending a specially crafted SUBSCRIBE command.
Upgrade to Ipswitch IMail Server version 2006.21.
<http://www.zerodayinitiative.com/advisories/ZDI-07-043.html>
Exploit works on Ipswitch IMail 2006.2 and requires a valid IMAP login and password.
Windows 2000
Windows Server 2003