CVE-2008-1276 Information

Description

Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH (2) EXAMINE and (3) UNSUBSCRIBE commands.

Reference

http://aluigi.altervista.org/adv/maildisable-adv.txt http://secunia.com/advisories/29277 http://securityreason.com/securityalert/3724 http://www.securityfocus.com/archive/1/489270/100/0/threaded http://www.securityfocus.com/bid/28145 http://www.securitytracker.com/id?1019565 http://www.vupen.com/english/advisories/2008/0799/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41058 https://www.exploit-db.com/exploits/5249