CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
98.2%
Added: 11/29/2005
CVE: CVE-2005-1256
BID: 13727
OSVDB: 16806
IMail is a mail server for Windows platforms. It includes SMTP, POP, IMAP, and LDAP services, and a web interface and web calendaring service.
A buffer overflow when processing long mailbox names specified in the STATUS command allows an authenticated user to execute arbitrary code.
Upgrade to IMail 8.15 with Hotfix 2 or higher, IMail 8.2 with Hotfix 2 or higher, or Ipswitch Collaboration Suite 2.0 with Hotfix 2 or higher.
[http://www.idefense.com/intelligence/vulnerabilities/display.php?id=244&type=vulnerabilities ](<http://www.idefense.com/intelligence/vulnerabilities/display.php?id=244&type=vulnerabilities
>)
Exploit works on IpSwitch IMail Server 8.14 on Windows 2000 SP4 and Windows Server 2003 SP2 with KB956572. A valid IMAP login and password are required.
Windows 2000
Windows Server 2003