1. CVE-Search
  2. CVE-2007-0955
ID CVE-2007-0955
Summary The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read.
References
Vulnerable Configurations
  • cpe:2.3:a:mailenable:mailenable:1.6:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.6:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.61:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.61:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.62:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.62:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.63:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.63:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.64:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.64:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.65:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.65:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.66:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.66:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.67:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.67:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.68:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.68:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.69:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.69:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.81:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.81:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.82:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.82:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.83:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.83:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.84:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.84:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.85:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.85:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.86:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.86:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:1.87:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:1.87:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.0:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.0:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.01:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.01:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.1.1:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.1.1:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.1.2:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.1.2:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.1.3:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.1.3:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.02:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.02:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.03:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.03:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.04:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.04:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.05:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.05:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.06:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.06:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.07:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.07:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.08:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.08:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.09:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.09:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.09.2:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.09.2:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.09.3:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.09.3:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.09.4:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.09.4:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.31:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.31:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.32:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.32:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.33:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.33:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.34:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.34:*:*:*:professional:*:*:*
  • cpe:2.3:a:mailenable:mailenable:2.35:*:*:*:professional:*:*:*
    cpe:2.3:a:mailenable:mailenable:2.35:*:*:*:professional:*:*:*
CVSS
Base: 7.8 (as of 02-10-2019 - 20:13)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:C
refmap via4
fulldisc
  • 20070214 MailEnable DoS POC
  • 20070214 MailEnable DoS POC-2
  • 20071214 MailEnable DoS POC
osvdb 33195
secunia 24139
sreason 2249
vupen ADV-2007-0614
xf mailenable-ntlm-dos(32482)
Last major update 02-10-2019 - 20:13
Published 15-02-2007 - 02:28
Last modified 02-10-2019 - 20:13
Back to Top