CVSS2: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS: 0.011 Low
Percentile: 84.5%
Added: 12/01/2006
CVE: CVE-2006-6290
BID: 21362
OSVDB: 31698
MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services.
A buffer overflow vulnerability in the IMAP service allows an authenticated attacker to execute arbitrary commands by sending a specially crafted SELECT command.
Apply the latest hotfix for IMAP.
<http://secunia.com/advisories/23080>
The exploit works on MailEnable Professional 2.32 with Patch ME-10018 and requires a valid IMAP login name, password, and post office name.
Windows