Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5094

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-5094
Last Modified 15 Nov 2008 01:59:40
Published 26 Sep 2007 06:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5094

Summary

Heap-based buffer overflow in iaspam.dll in the SMTP Server in Ipswitch IMail Server 8.01 through 8.11 allows remote attackers to execute arbitrary code via a set of four different e-mail messages with a long boundary parameter in a certain malformed Content-Type header line, the string "MIME" by itself on a line in the header, and a long Content-Transfer-Encoding header line.

Vulnerable Systems

Application

  • Ipswitch Imail 8.0.3

  • Ipswitch Imail 8.0.5

  • Ipswitch Imail 8.01

  • Ipswitch Imail 8.1

  • Ipswitch Imail 8.11


References

BID - 25762

MILW0RM - 4438

MISC - http://pstgroup.blogspot.com/2007/09/exploitimail-iaspamdll-80x-remote-heap.html

OSVDB - 39390

XF - ipswitch-imail-bo(36723)


Last Updated: 27 May 2016 10:46:04