cvelistv5 - CVE-2007-1637

CVE-2007-1637 (GCVE-0-2007-1637)

Vulnerability from cvelistv5

Published

2007-03-23 22:00

Modified

2024-08-07 13:06

Severity ?

CWE

Summary

Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control.

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487
cve@mitre.org	http://secunia.com/advisories/24422	Vendor Advisory
cve@mitre.org	http://support.ipswitch.com/kb/IM-20070305-JH01.htm
cve@mitre.org	http://www.securitytracker.com/id?1017737
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0853
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24422	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.ipswitch.com/kb/IM-20070305-JH01.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017737
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0853

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:06:25.360Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2007-0853",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0853"
          },
          {
            "name": "24422",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24422"
          },
          {
            "name": "20070307 Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilitie",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487"
          },
          {
            "name": "1017737",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017737"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-26T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2007-0853",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0853"
        },
        {
          "name": "24422",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24422"
        },
        {
          "name": "20070307 Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilitie",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487"
        },
        {
          "name": "1017737",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017737"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1637",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2007-0853",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0853"
            },
            {
              "name": "24422",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24422"
            },
            {
              "name": "20070307 Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilitie",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487"
            },
            {
              "name": "1017737",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017737"
            },
            {
              "name": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm",
              "refsource": "CONFIRM",
              "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1637",
    "datePublished": "2007-03-23T22:00:00",
    "dateReserved": "2007-03-23T00:00:00",
    "dateUpdated": "2024-08-07T13:06:25.360Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-1637\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-03-23T22:19:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer en el control ActiveX IMAILAPILib (IMailAPI.dll) en Ipswitch IMail Server anterior a 2006.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de los miembros (1) WebConnect y (2) Connect en el control (a)IMailServer; miembros (3) Sync3 y (4) Init3 en el control (b) IMailLDAPService y el miembro (5) SetReplyTo en el control (c)IMailUserCollection.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81B286D0-4168-41FF-AC1F-4E65C3AD7DC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:imail_plus:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0C6A165-8B6B-4D0F-B2F7-3A5CDA4BA072\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:imail_premium:2006:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"635D04E6-0347-4858-B8F4-AC7BD3565E2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006_standard:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95104B1C-0B67-43FF-A93C-9296707B3DA9\"}]}]}],\"references\":[{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/24422\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.ipswitch.com/kb/IM-20070305-JH01.htm\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1017737\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0853\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/24422\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://support.ipswitch.com/kb/IM-20070305-JH01.htm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1017737\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2007/0853\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorSolution\":\"Upgrade to version 2006.2.\"}}"
  }
}

fkie_cve-2007-1637

Vulnerability from fkie_nvd

Published

2007-03-23 22:19

Modified

2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487
cve@mitre.org	http://secunia.com/advisories/24422	Vendor Advisory
cve@mitre.org	http://support.ipswitch.com/kb/IM-20070305-JH01.htm
cve@mitre.org	http://www.securitytracker.com/id?1017737
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0853
af854a3a-2127-422b-91ae-364da2661108	http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/24422	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.ipswitch.com/kb/IM-20070305-JH01.htm
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1017737
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0853

Impacted products

Vendor	Product	Version
ipswitch	imail	2006
ipswitch	imail_plus	2006
ipswitch	imail_premium	2006
ipswitch	ipswitch_collaboration_suite	2006_standard

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "81B286D0-4168-41FF-AC1F-4E65C3AD7DC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:imail_plus:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0C6A165-8B6B-4D0F-B2F7-3A5CDA4BA072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:imail_premium:2006:*:*:*:*:*:*:*",
              "matchCriteriaId": "635D04E6-0347-4858-B8F4-AC7BD3565E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006_standard:*:*:*:*:*:*:*",
              "matchCriteriaId": "95104B1C-0B67-43FF-A93C-9296707B3DA9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en el control ActiveX IMAILAPILib (IMailAPI.dll) en Ipswitch IMail Server anterior a 2006.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de los miembros (1) WebConnect y (2) Connect en el control (a)IMailServer; miembros (3) Sync3 y (4) Init3 en el control (b) IMailLDAPService y el miembro (5) SetReplyTo en el control (c)IMailUserCollection."
    }
  ],
  "evaluatorSolution": "Upgrade to version 2006.2.",
  "id": "CVE-2007-1637",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-03-23T22:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24422"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017737"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0853"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-200703-0303

Vulnerability from variot

Want a new job? http://secunia.com/secunia_vacancies/

Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/

TITLE: Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflows

SECUNIA ADVISORY ID: SA24422

VERIFY ADVISORY: http://secunia.com/advisories/24422/

CRITICAL: Highly critical

IMPACT: System access

WHERE:

From remote

SOFTWARE: Ipswitch Collaboration Suite 2006 http://secunia.com/product/8652/ IMail Server 2006 http://secunia.com/product/8653/

DESCRIPTION: Some vulnerabilities have been reported in Ipswitch IMail Server/Collaboration Suite, which potentially can be exploited by malicious people to compromise a vulnerable system.

1) Unspecified errors within the IMailServer.WebConnect, IMailLDAPService.Sync3, IMailLDAPService.Init3, IMailServer.Connect, and IMailUserCollection.SetReplyTo components can be exploited to cause buffer overflows via specially crafted packets.

2) An error within an unspecified ActiveX control can be exploited to execute arbitrary code when a user e.g. visits a malicious web site.

SOLUTION: Update to version 2006.2 (Standard Edition only): ftp://ftp.ipswitch.com/Ipswitch/Product_Downloads/ICS_Standard.exe

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: Ipswitch: http://www.ipswitch.com/support/ics/updates/ics20062.asp http://support.ipswitch.com/kb/IM-20070305-JH01.htm

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200703-0303",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "imail",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "2006"
      },
      {
        "model": "imail premium",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "2006"
      },
      {
        "model": "imail plus",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "2006"
      },
      {
        "model": "collaboration suite",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "ipswitch",
        "version": "2006_standard"
      },
      {
        "model": "imail",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ipswitch",
        "version": "2006.2"
      },
      {
        "model": "imail",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "ipswitch",
        "version": "server"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1637"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:ipswitch:imail",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003570"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Secunia",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "54869"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2007-1637",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2007-1637",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.6,
            "id": "VHN-24999",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-1637",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-1637",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200703-591",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-24999",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003570"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1637"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control. A buffer overflow vulnerability exists in the IMAILAPILib ActiveX control (IMailAPI.dll) of Ipswitch IMail Server versions prior to 2006.2. \n\n----------------------------------------------------------------------\n\nWant a new job?\nhttp://secunia.com/secunia_vacancies/\n\nSecunia is looking for new researchers with a reversing background\nand experience in writing exploit code:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\nhttp://secunia.com/Disassembling_og_Reversing/\n\n----------------------------------------------------------------------\n\nTITLE:\nIpswitch IMail Server/Collaboration Suite Multiple Buffer Overflows\n\nSECUNIA ADVISORY ID:\nSA24422\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/24422/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nIpswitch Collaboration Suite 2006\nhttp://secunia.com/product/8652/\nIMail Server 2006\nhttp://secunia.com/product/8653/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Ipswitch IMail\nServer/Collaboration Suite, which potentially can be exploited by\nmalicious people to compromise a vulnerable system. \n\n1) Unspecified errors within the IMailServer.WebConnect,\nIMailLDAPService.Sync3, IMailLDAPService.Init3, IMailServer.Connect,\nand IMailUserCollection.SetReplyTo components can be exploited to\ncause buffer overflows via specially crafted packets. \n\n2) An error within an unspecified ActiveX control can be exploited to\nexecute arbitrary code when a user e.g. visits a malicious web site. \n\nSOLUTION:\nUpdate to version 2006.2 (Standard Edition only):\nftp://ftp.ipswitch.com/Ipswitch/Product_Downloads/ICS_Standard.exe\n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nIpswitch:\nhttp://www.ipswitch.com/support/ics/updates/ics20062.asp\nhttp://support.ipswitch.com/kb/IM-20070305-JH01.htm\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-1637"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003570"
      },
      {
        "db": "VULHUB",
        "id": "VHN-24999"
      },
      {
        "db": "PACKETSTORM",
        "id": "54869"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-1637",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "24422",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1017737",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0853",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003570",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-591",
        "trust": 0.7
      },
      {
        "db": "IDEFENSE",
        "id": "20070307 IPSWITCH IMAIL SERVER 2006 MULTIPLE ACTIVEX CONTROL BUFFER OVERFLOW VULNERABILITIE",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "83550",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-24999",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "54869",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003570"
      },
      {
        "db": "PACKETSTORM",
        "id": "54869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1637"
      }
    ]
  },
  "id": "VAR-200703-0303",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24999"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:04:00.224000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "IM-20070305-JH01",
        "trust": 0.8,
        "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003570"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-1637"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://support.ipswitch.com/kb/im-20070305-jh01.htm"
      },
      {
        "trust": 1.7,
        "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id?1017737"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/24422"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2007/0853"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1637"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1637"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/0853"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/8652/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/disassembling_og_reversing/"
      },
      {
        "trust": 0.1,
        "url": "http://www.ipswitch.com/support/ics/updates/ics20062.asp"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/8653/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_vacancies/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/24422/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-24999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003570"
      },
      {
        "db": "PACKETSTORM",
        "id": "54869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1637"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-24999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003570"
      },
      {
        "db": "PACKETSTORM",
        "id": "54869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-591"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-1637"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-03-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-24999"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-003570"
      },
      {
        "date": "2007-03-08T00:54:52",
        "db": "PACKETSTORM",
        "id": "54869"
      },
      {
        "date": "2007-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200703-591"
      },
      {
        "date": "2007-03-23T22:19:00",
        "db": "NVD",
        "id": "CVE-2007-1637"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-03-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-24999"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-003570"
      },
      {
        "date": "2007-03-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200703-591"
      },
      {
        "date": "2024-11-21T00:28:48.660000",
        "db": "NVD",
        "id": "CVE-2007-1637"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-591"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ipswitch IMail Server of  IMAILAPILib ActiveX Control buffer overflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003570"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200703-591"
      }
    ],
    "trust": 0.6
  }
}

ghsa-586g-p3j5-gxcr

Vulnerability from github

Published

2022-05-01 17:55

Modified

2022-05-01 17:55

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-1637"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-03-23T22:19:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control.",
  "id": "GHSA-586g-p3j5-gxcr",
  "modified": "2022-05-01T17:55:31Z",
  "published": "2022-05-01T17:55:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1637"
    },
    {
      "type": "WEB",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/24422"
    },
    {
      "type": "WEB",
      "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1017737"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0853"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2007-1637

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-1637

Aliases

CVE-2007-1637

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-1637",
    "description": "Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control.",
    "id": "GSD-2007-1637"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-1637"
      ],
      "details": "Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control.",
      "id": "GSD-2007-1637",
      "modified": "2023-12-13T01:21:39.480915Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-1637",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2007-0853",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0853"
          },
          {
            "name": "24422",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/24422"
          },
          {
            "name": "20070307 Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilitie",
            "refsource": "IDEFENSE",
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487"
          },
          {
            "name": "1017737",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1017737"
          },
          {
            "name": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm",
            "refsource": "CONFIRM",
            "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:imail_plus:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:imail_premium:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:imail:2006:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:2006_standard:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1637"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070307 Ipswitch IMail Server 2006 Multiple ActiveX Control Buffer Overflow Vulnerabilitie",
              "refsource": "IDEFENSE",
              "tags": [],
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487"
            },
            {
              "name": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.ipswitch.com/kb/IM-20070305-JH01.htm"
            },
            {
              "name": "1017737",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1017737"
            },
            {
              "name": "24422",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/24422"
            },
            {
              "name": "ADV-2007-0853",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0853"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2011-03-08T02:52Z",
      "publishedDate": "2007-03-23T22:19Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-1637 (GCVE-0-2007-1637)

Vulnerability from cvelistv5

fkie_cve-2007-1637

Vulnerability from fkie_nvd

var-200703-0303

Vulnerability from variot

ghsa-586g-p3j5-gxcr

Vulnerability from github

gsd-2007-1637

Vulnerability from gsd

Tags

Sightings

Nomenclature