Vulnerable ActiveX controls in IPSwitch IMail Server
Attackers can trigger buffer overflows in the ActiveX modules installed by IPSwitch's IMail Server by means of manipulated web pages. For this to happen, however, a user must first visit such a page with Internet Explorer from a computer on which the server software is installed.
The IMail Server, which is, for example, also installed with the Collaboration Suite, embeds several ActiveX components in the system and marks them as "safe for scripting", which allows web pages to instantiate them. Owing to faulty input checks in the modules IMAILAPILib.IMailServer, IMAILAPILib.IMailLDAPService and IMAILAPILib.IMailUserCollection, internal buffers can overflow. Program code smuggled into the system in this way can be executed with the rights of the logged-on user.
IPSwitch has closed the vulnerability in version 2006.2. Affected administrators can download it from the vendor after entering their serial number.
- IMail/ICS 2006.2 Release Notes from IPSwitch
- Download of the current IMail version (serial number required)