A remote buffer overflow exists in the MailEnable Enterprise 1.1 IMAP EXAMINE command, which allows for post authentication code execution. This vulnerability affects MailEnable Enterprise 1.1 without the ME-10009.EXE patch.
ec6f41564206752e2b7c3a564cd3998eSee-Security Research and Development.
[-] Product Information
MailEnable's mail server software provides a powerful, scalable hosted
messaging platform for Microsoft Windows. MailEnable offers stability,
unsurpassed flexibility and an extensive feature set which allows you to
provide cost-effective mail services.
[-] Vulnerability Description
A remote buffer overflow exists in MailEnable Enterprise 1.1 IMAP EXAMINE
command, which allows for post authentication code execution.
This vulnerability affects Mailenable Enterprise 1.1 *without* the
ME-10009.EXE patch.
[-] Vendor Notification
Vendor Notified, patch released, no animals harmed.
[-] Exploit
PoC code can be found @:
http://www.hackingdefined.com/exploits/mailenable-imap-examine.py
http://www.hackingdefined.com/exploits/muts_mailenable_imap_examine.pm
[-] Credits
The vulnerability was discovered by Mati Aharoni.
Exploit coded by Mati Aharoni and Jacky Altal.
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!