In association with heise online

02 November 2007, 13:32

Vulnerability in IPSwitch e-mail client


IMail Client 9.22 for Windows included in IPSwitch IMail Server 2006 contains a vulnerability that attackers can exploit to gain control of a computer by means of manipulated e-mails. A buffer overflow occurs when "multipart" MIME data are read. Secunia have discovered that a boundary parameter longer than 212 bytes provokes the overflow, which in turn allows code to be written onto the stack and launched with the user's rights. The flaw was discovered in version 9.22 of the client.

Because the client is generally only installed on the server for maintenance purposes, the risk of an attack is relatively low. The vendor recommends deleting the client from the server; there will be no update. In future, the vendor does not plan to include the client with the server.
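For servers where the client cannot be removed straight away, inbound mail can be screened for the condition described above. The following is an added example, not code from the vendor or from Secunia: a Python check that grades every multipart boundary in a message against the 70-character limit of RFC 2046 and the 212-byte length reported here. The function names and the sample message are constructed for illustration.

```python
import email
from email.message import Message

RFC2046_MAX = 70      # RFC 2046 section 5.1.1: a boundary is at most 70 characters
REPORTED_LIMIT = 212  # length above which the article says the overflow occurs


def boundary_lengths(msg: Message) -> list[int]:
    """Return the byte length of every multipart boundary in the MIME tree."""
    lengths = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        if part.get_content_maintype() != "multipart":
            continue
        boundary = part.get_boundary()  # unquoted parameter value, or None
        if boundary is not None:
            lengths.append(len(boundary.encode("utf-8", "surrogateescape")))
    return lengths


def classify(raw: bytes) -> str:
    """Grade a raw message: 'ok', 'rfc-violation' or 'overflow-length'."""
    longest = max(boundary_lengths(email.message_from_bytes(raw)), default=0)
    if longest > REPORTED_LIMIT:
        return "overflow-length"   # quarantine: matches the reported condition
    if longest > RFC2046_MAX:
        return "rfc-violation"     # malformed, but below the reported length
    return "ok"


def build_sample(boundary: str) -> bytes:
    """Constructed test message; the boundary is harmless ASCII filler."""
    return (
        "From: a@example.com\r\nTo: b@example.com\r\nSubject: test\r\n"
        "MIME-Version: 1.0\r\n"
        f'Content-Type: multipart/mixed; boundary="{boundary}"\r\n\r\n'
        f"--{boundary}\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
        f"--{boundary}--\r\n"
    ).encode("ascii")


if __name__ == "__main__":
    for n in (20, 100, 300):
        print(n, classify(build_sample("b" * n)))
```

Rejecting everything above the RFC limit is the stricter policy, since a legitimate mail client has no reason to emit a boundary longer than 70 characters.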
