CVE-2005-4456
Last modified
CVE-2005-4456 is a vulnerability of currently unknown severity. Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) LIST, (2) LSUB, and (3) UID FETCH commands. NOTE: it is possible that these are alternate vectors for the issue described in CVE-2005-4402.. EPSS estimates a 7.14% chance of exploitation in the next 30 days.
Description
Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) LIST, (2) LSUB, and (3) UID FETCH commands. NOTE: it is possible that these are alternate vectors for the issue described in CVE-2005-4402.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mailenable | Mailenable Enterprise | 1.1 |
| Mailenable | Mailenable Professional | 1.71 |
References
- http://seclists.org/lists/fulldisclosure/2005/Dec/1036.htmlExploit, Patch, Vendor Advisory
- http://seclists.org/lists/fulldisclosure/2005/Dec/1036.htmlExploit, Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2005-4456?
How severe is CVE-2005-4456?
How do I fix CVE-2005-4456?
Are you affected by CVE-2005-4456?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST