- Description
- Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 9
- Impact score
- 10
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:C/A:C
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E6496BBB-BF66-4CA5-B1E1-BF65D58DEB0E",
"versionEndIncluding": "3.13"
},
{
"criteria": "cpe:2.3:a:mailenable:mailenable_professional:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46C4F770-9BCC-42AB-B04C-3ACD60357472",
"versionEndIncluding": "3.13"
}
],
"operator": "OR"
}
]
}
]