Vulnerability Description
Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ipswitch | Imail | <= 2006.2 |
Related Weaknesses (CWE)
References
- http://www.ipswitch.com/support/imail/releases/im200621.aspPatch
- http://www.zerodayinitiative.com/advisories/ZDI-07-042/Patch
- http://www.zerodayinitiative.com/advisories/ZDI-07-043/Patch
- http://www.ipswitch.com/support/imail/releases/im200621.aspPatch
- http://www.zerodayinitiative.com/advisories/ZDI-07-042/Patch
- http://www.zerodayinitiative.com/advisories/ZDI-07-043/Patch
FAQ
What is CVE-2007-2795?
CVE-2007-2795 is a vulnerability with a CVSS score of 9.0 (HIGH). Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers he...
How severe is CVE-2007-2795?
CVE-2007-2795 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2795?
Check the references section above for vendor advisories and patch information. Affected products include: Ipswitch Imail.