CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.0%
Added: 11/29/2005
CVE: CVE-2005-2278
BID: 14243
OSVDB: 17844
MailEnable is a mail server for Windows platforms. The standard edition supports the SMTP and POP3 protocols. MailEnable Professional and MailEnable Enterprise also support IMAP and HTTPMail.
A buffer overflow in the STATUS command could allow an authenticated user to execute arbitrary commands.
Upgrade to MailEnable Professional 1.6 or MailEnable Enterprise 1.1 with all needed hotfixes.
[http://marc.theaimsgroup.com/?l=bugtraq&m=112127188609993&w=2 ](<http://marc.theaimsgroup.com/?l=bugtraq&m=112127188609993&w=2
>)
Requires a valid IMAP user and password.
Windows 2000
Windows XP