MailEnable is a mail server supporting SMTP and POP3 for Windows platforms. MailEnable Professional and MailEnable Enterprise also include IMAP and HTTPMail services.
A buffer overflow vulnerability in the IMAP service allows an authenticated attacker to execute arbitrary commands by sending a specially crafted SELECT command.
Apply the latest hotfix for IMAP.
Exploit works on MailEnable Professional 2.32 with Patch ME-10018 and requires a valid IMAP login name, password, and post office name.