CVE-2007-0955
CVE-2007-0955
The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/3306unverifiedexploitdbwww.exploit-db.com/exploits/3308unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/fulldisclosure/2007-02/0321.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2007-02/0333.htmlhttp://lists.grok.org.uk/pipermail/full-disclosure/2007-February/052427.htmlhttp://osvdb.org/33195http://secunia.com/advisories/24139http://securityreason.com/securityalert/2249https://exchange.xforce.ibmcloud.com/vulnerabilities/32482http://www.vupen.com/english/advisories/2007/0614