Vulnerability in IPSwitch e-mail client
IMail Client 9.22 for Windows, which is included in IPSwitch IMail Server 2006, contains a vulnerability that attackers can exploit with manipulated e-mails to gain control of a computer. A buffer overflow occurs when "multipart" MIME data is read. Secunia discovered that a boundary parameter longer than 212 bytes triggers the overflow, which in turn allows code to be written onto the stack and run with the user's rights. The flaw was found in version 9.22 of the client.
Because the client is generally only installed on the server for maintenance purposes, the risk of an attack is relatively low. The vendor recommends deleting the client from the server; there will be no update. In future, the vendor does not plan to include the client with the server.
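Where the client cannot be removed straight away, inbound mail can be screened for oversized boundary parameters before it reaches a mailbox. The following is an added example, not code from the vendor or from Secunia: it uses Python's standard email package, and the function names, verdict strings and sample messages are constructed for illustration. It also applies the 70-character boundary limit from RFC 2046, which is stricter than the 212 bytes reported above.

```python
from email import message_from_bytes

RFC2046_MAX = 70        # RFC 2046 section 5.1.1: a boundary is at most 70 characters
REPORTED_TRIGGER = 212  # per the article, longer boundaries overflow the client


def classify(length: int) -> str:
    """Map a boundary length to a gateway verdict (labels are illustrative)."""
    if length > REPORTED_TRIGGER:
        return "overflow-range"
    if length > RFC2046_MAX:
        return "rfc-violation"
    return "ok"


def audit_boundaries(raw: bytes) -> list:
    """Return (part_index, boundary_length, verdict) for each multipart part."""
    findings = []
    for index, part in enumerate(message_from_bytes(raw).walk()):
        if part.get_content_maintype() != "multipart":
            continue
        # get_boundary() unquotes the value and joins RFC 2231 continuations
        # (boundary*0=...; boundary*1=...), which a plain "boundary=" regex misses.
        boundary = part.get_boundary()
        if boundary is None:
            findings.append((index, 0, "missing"))
        else:
            findings.append((index, len(boundary), classify(len(boundary))))
    return findings


def build_sample(boundary: str, params: str = "") -> bytes:
    """Constructed test message; the boundary is plain filler text."""
    params = params or f'boundary="{boundary}"'
    return (
        "From: sender@example.test\r\n"
        "To: admin@example.test\r\n"
        "MIME-Version: 1.0\r\n"
        f"Content-Type: multipart/mixed; {params}\r\n"
        "\r\n"
        f"--{boundary}\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
        f"--{boundary}--\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    for n in (10, 71, 212, 213):
        print(n, audit_boundaries(build_sample("x" * n)))
```

A gateway would reject or quarantine any message whose verdict is not "ok", since a boundary over 70 characters is already invalid MIME.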
- IPSwitch IMail Server IMail Client Buffer Overflow, Secunia's security advisory