1. CVE-Search
  2. CVE-2006-6290
ID CVE-2006-6290
Summary Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a long argument to the (1) EXAMINE or (2) SELECT command.
References
Vulnerable Configurations
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.11:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.12:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.13:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.14:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.15:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.16:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.17:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.18:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.19:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.21:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.22:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.23:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.23:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.24:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.24:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.25:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.25:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.26:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.26:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.27:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.27:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.28:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.28:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.29:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.29:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:1.30:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:1.30:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.01:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.01:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.03:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.03:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.04:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.04:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.05:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.05:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.06:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.06:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.07:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.07:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.08:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.08:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.09:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.09:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.11:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.12:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.13:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.14:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.15:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.16:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.17:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.18:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.19:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.21:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.21:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.22:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.23:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.24:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.25:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.25:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.26:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.26:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.27:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.27:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.28:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.28:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.29:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.29:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.30:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.30:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.31:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.31:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.32:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.32:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_enterprise:2.33:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_enterprise:2.33:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_professional:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:1.82:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_professional:1.82:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_professional:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:mailenable:mailenable_professional:2.33:*:*:*:*:*:*:*
    cpe:2.3:a:mailenable:mailenable_professional:2.33:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 17-10-2018 - 21:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
bid 21362
bugtraq 20061130 Secunia Research: MailEnable IMAP Service Two Vulnerabilities
confirm http://www.mailenable.com/hotfix/
misc http://secunia.com/secunia_research/2006-71/advisory/
sectrack
  • 1017276
  • 1017319
secunia
  • 23047
  • 23080
vupen
  • ADV-2006-4673
  • ADV-2006-4778
xf mailenable-meimaps-bo(30614)
saint via4
bid 21362
description MailEnable IMAP SELECT buffer overflow
id mail_imap_mailenable,mail_imap_mailenableent
osvdb 31698
title mailenable_imap_select
type remote
Last major update 17-10-2018 - 21:47
Published 05-12-2006 - 11:28
Last modified 17-10-2018 - 21:47
Back to Top