CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
99.5%
Added: 09/29/2006
CVE: CVE-2006-4379
BID: 19885
OSVDB: 28576
IMail is an e-mail server for Windows platforms.
A buffer overflow vulnerability in the SMTP daemon allows remote command execution by sending a **RCPT TO**
argument containing a long string between **@**
and **:**
characters.
Upgrade to IMail 2006.1 or higher.
<http://www.securityfocus.com/archive/1/445521>
Exploit works with IMail Server 8.10. Exploitation requires that the server have a fixed IP address. Due to the nature of the vulnerability, the success of the exploit may depend on the state of the target system.
Windows 2000
Windows Server 2003