In association with heise online

08 March 2007, 11:09

Vulnerable ActiveX controls in IPSwitch IMail Server

Attackers can use manipulated web pages to trigger buffer overflows in ActiveX modules that are installed by IPSwitch's IMail Server. For this to happen, however, a user must first visit such a manipulated web page with Internet Explorer from a computer on which the server software has been installed.

The IMail Server, which is also installed with, for example, the Collaboration Suite, registers several ActiveX components on the system and marks them as "safe for scripting," thus allowing web pages to integrate them. Owing to faulty input checks in the modules IMAILAPILib.IMailServer, IMAILAPILib.IMailLDAPService and IMAILAPILib.IMailUserCollection, internal buffers can overflow. Program code smuggled into the system in this way can be executed with the rights of the logged-on user.

IPSwitch has closed the vulnerability with its version 2006.2. Affected administrators can download it from the vendor after entering their serial number.
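
One way to check a host for the exposure described above, as an added example that is not part of the original article or vendor code: a read-only PowerShell audit that resolves the three ProgIDs named in the article and reports whether each is registered, carries the standard "safe for scripting" and "safe for initialising" COM categories, or already has an Internet Explorer kill bit set. The function and variable names are hypothetical; the category GUIDs and the `Compatibility Flags` value `0x400` are the standard Windows ones.

```powershell
# Added example (not vendor code): report how the three controls named in the
# article are registered on this host. Read-only; changes nothing.
# Assumption: on 64-bit Windows, run this from 32-bit PowerShell as well,
# because 32-bit controls are registered in the WOW64 registry view.
$progIds = @(
    'IMAILAPILib.IMailServer',
    'IMAILAPILib.IMailLDAPService',
    'IMAILAPILib.IMailUserCollection'
)
# Standard COM component category GUIDs.
$catSafeScript = '{7DD95801-9882-11CF-9FA9-00AA006C4A84}'  # safe for scripting
$catSafeInit   = '{7DD95802-9882-11CF-9FA9-00AA006C4A84}'  # safe for initialising
$compatRoot    = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
$killBit       = 0x400                                     # Compatibility Flags bit

function Get-ControlExposure {
    param([Parameter(Mandatory)][string]$ProgId)

    $row = [ordered]@{
        ProgId = $ProgId; Registered = $false; Clsid = $null
        SafeForScripting = $false; SafeForInit = $false; KillBitSet = $false
    }
    $progKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (Test-Path -LiteralPath $progKey) {
        # The ProgID's CLSID subkey holds the class GUID as its default value.
        $clsid   = (Get-Item -LiteralPath $progKey).GetValue('')
        $catRoot = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\Implemented Categories"
        $row.Registered       = $true
        $row.Clsid            = $clsid
        $row.SafeForScripting = Test-Path -LiteralPath "$catRoot\$catSafeScript"
        $row.SafeForInit      = Test-Path -LiteralPath "$catRoot\$catSafeInit"

        # IE refuses to instantiate a control whose kill bit is set.
        $flags = Get-ItemProperty -LiteralPath "$compatRoot\$clsid" `
                     -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        if ($flags) {
            $row.KillBitSet = (($flags.'Compatibility Flags' -band $killBit) -ne 0)
        }
    }
    [pscustomobject]$row
}

$progIds | ForEach-Object { Get-ControlExposure -ProgId $_ } | Format-Table -AutoSize
```

A control can also declare itself safe at run time through the `IObjectSafety` interface, so a `False` in the `SafeForScripting` column does not by itself prove the control cannot be scripted from a web page. A row with `Registered` true and `KillBitSet` false on a server that has not yet been updated to version 2006.2 is the case to prioritise.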
