Malformed IMAP Request Vulnerability

Due to a vulnerability in the Microsoft® Commercial Internet System (MCIS) Mail server a buffer overflow in the IMAP service could allow a malicious user to remotely cause services on the server to fail, or cause arbitrary code to run on the server.

Issue

The IMAP service included in MCIS Mail has an unchecked buffer. If a malformed request containing random data were passed to the service, it could cause the web publishing, IMAP, SMTP, LDAP and other services to crash. If the malformed request contained specially crafted data, it could also be used to run arbitrary code on the server via a classic buffer overrun attack.

Affected Products

• Microsoft Commercial Internet System 2.0 and 2.5

Download

Patch: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=17124

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: January 4, 2000

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<