Vulnerability Description
Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ipswitch | Imail | 2006 |
| Ipswitch | Imail Plus | 2006 |
| Ipswitch | Imail Premium | 2006 |
| Ipswitch | Ipswitch Collaboration Suite | 2006_standard |
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487
- http://secunia.com/advisories/24422 (Vendor Advisory)
- http://support.ipswitch.com/kb/IM-20070305-JH01.htm
- http://www.securitytracker.com/id?1017737
- http://www.vupen.com/english/advisories/2007/0853
FAQ
What is CVE-2007-1637?
CVE-2007-1637 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Conne...
How severe is CVE-2007-1637?
CVE-2007-1637 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-1637?
Check the references section above for vendor advisories and patch information. Affected products include: Ipswitch Imail, Ipswitch Imail Plus, Ipswitch Imail Premium, Ipswitch Collaboration Suite.