IMail SMTP RCPT TO buffer overflowAdded: 09/29/2006
BackgroundIMail is an e-mail server for Windows platforms.
ProblemA buffer overflow vulnerability in the SMTP daemon allows remote command execution by sending a RCPT TO argument containing a long string between @ and : characters.
ResolutionUpgrade to IMail 2006.1 or higher.
LimitationsExploit works with IMail Server 8.10. Exploitation requires that the server have a fixed IP address. Due to the nature of the vulnerability, the success of the exploit may depend on the state of the target system.
Windows Server 2003
Back to exploit index