Published: 21/07/2007 Updated: 29/07/2017

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 660

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Subscribe to Ipswitch Collaboration Suite

Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 prior to 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ipswitch ipswitch collaboration suite
ipswitch imail server

#!/use/bin/perl # # Ipswitch IMail Server 2006 IMAP SEARCH COMMAND Stack Overflow Exploit # Author: ZhenHanLiu#ph4nt0morg # Date: 2007-07-25 # Team: Ph4nt0m Security Team (wwwph4nt0morg) # # Vuln Found by: Manuel Santamarina Suarez # labsidefensecom/intelligence/vulnerabilities/displayphp?id=563 # # The Vuln code is here (imap4 ...

## # $Id: ipswitch_searchrb 9525 2010-06-15 07:18:08Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class ...

CWE-119 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563 http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease http://www.securityfocus.com/bid/24962 http://www.securitytracker.com/id?1018419 http://secunia.com/advisories/26123 http://www.vupen.com/english/advisories/2007/2574 https://exchange.xforce.ibmcloud.com/vulnerabilities/35500 https://exchange.xforce.ibmcloud.com/vulnerabilities/35496 https://nvd.nist.gov https://www.exploit-db.com/exploits/4223/

CVE-2007-3925

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect