The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote malicious users to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error."
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
mailenable mailenable 4.24 |
||
mailenable mailenable 4.23 |
||
mailenable mailenable 4.11 |
||
mailenable mailenable 4.1 |
||
mailenable mailenable 4.22 |
||
mailenable mailenable 4.17 |
||
mailenable mailenable 4.16 |
||
mailenable mailenable 4.01 |
||
mailenable mailenable 4.0 |
||
mailenable mailenable 4.15 |
||
mailenable mailenable 4.14 |
||
mailenable mailenable |
||
mailenable mailenable 4.13 |
||
mailenable mailenable 4.12 |
||
mailenable mailenable 3.62 |
||
mailenable mailenable 3.61 |
||
mailenable mailenable 3.63 |
||
mailenable mailenable 3.51 |
||
mailenable mailenable 3.5 |
||
mailenable mailenable 3.03 |
||
mailenable mailenable 3.02 |
||
mailenable mailenable 3.12 |
||
mailenable mailenable 3.11 |
||
mailenable mailenable 3.6 |
||
mailenable mailenable 3.53 |
||
mailenable mailenable 3.52 |
||
mailenable mailenable 3.10 |
||
mailenable mailenable 3.04 |
||
mailenable mailenable 3.14 |
||
mailenable mailenable 3.13 |
||
mailenable mailenable 3.01 |
||
mailenable mailenable 3.0 |
Vulmon