CVE-2007-1637

Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control.

Published: Mar 23, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-1637
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
ipswitch / imail	2006	2006.x
ipswitch / imail_plus	2006	2006.x
ipswitch / imail_premium	2006	2006.x
ipswitch / ipswitch_collaboration_suite	2006_standard	2006_standard.x

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=487
http://secunia.com/advisories/24422
http://support.ipswitch.com/kb/IM-20070305-JH01.htm
http://www.securitytracker.com/id?1017737
http://www.vupen.com/english/advisories/2007/0853

Vulnerability Database

289,697

CVE-2007-1637