MCIS IMAP Subject to Buffer Overflow

 
MCIS IMAP Subject to Buffer Overflow
Reported January 4, 2000 by
Tristan Goode

VERSIONS AFFECTED
Microsoft Commercial Internet System 2.0 and 2.5

DESCRIPTION

The IMAP service included in MCIS Mail has an unchecked buffer. If a
malformed request containing random data were passed to the service, it could cause the web publishing, IMAP, SMTP, LDAP and other services to crash. If the malformed request contained specially crafted data, it could also be used to run arbitrary code on the server via a classic buffer overrun attack.

VENDOR RESPONSE

Microsoft has released patches for Intel and Alpha along with a Support Online article Q246731 and FAQ.

CREDITS
Discovered by
Tristan Goode

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish