See-Security Research and Development.

[-] Product Information

MailEnable's mail server software provides a powerful, scalable hosted messaging platform for Microsoft Windows. MailEnable offers stability, unsurpassed flexibility and an extensive feature set which allows you to provide cost-effective mail services.

[-] Vulnerability Description

A remote buffer overflow exists in the MailEnable Enterprise 1.1 IMAP EXAMINE command, which allows for post-authentication code execution. This vulnerability affects MailEnable Enterprise 1.1 *without* the ME-10009.EXE patch.

[-] Vendor Notification

Vendor notified, patch released, no animals harmed.

[-] Exploit

PoC code can be found @:

http://www.hackingdefined.com/exploits/mailenable-imap-examine.py
http://www.hackingdefined.com/exploits/muts_mailenable_imap_examine.pm

[-] Credits

The vulnerability was discovered by Mati Aharoni.
Exploit coded by Mati Aharoni and Jacky Altal.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
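A detection-side check for the command named in the advisory, added here as an example and not taken from the advisory or its PoC: it scans client-to-server IMAP lines and flags EXAMINE commands whose mailbox argument is unusually long, whether sent as an atom, a quoted string or a literal. The 255-byte limit, the function names and the sample lines are assumptions; the advisory does not state the overflow length.

```python
import re

# Assumed policy threshold: the advisory gives no length, so this is a
# tunable limit for alerting, not the size that triggers the overflow.
MAX_MAILBOX_LEN = 255

# tag SP "EXAMINE" SP argument; IMAP command names are case-insensitive.
_CMD = re.compile(rb"^(\S+) +EXAMINE +(.*)$", re.IGNORECASE)
_LITERAL = re.compile(rb"^\{(\d+)\+?\}$")


def mailbox_length(line: bytes):
    """Return the EXAMINE mailbox argument length in bytes, or None if the
    line is not an EXAMINE command."""
    m = _CMD.match(line.rstrip(b"\r\n"))
    if not m:
        return None
    arg = m.group(2).strip()
    lit = _LITERAL.match(arg)
    if lit:  # literal form: the client announces the byte count up front
        return int(lit.group(1))
    if len(arg) >= 2 and arg.startswith(b'"') and arg.endswith(b'"'):
        # quoted string: drop the quotes, count each escaped char once
        return len(re.sub(rb"\\(.)", rb"\1", arg[1:-1]))
    return len(arg)  # atom form


def flag_examine(lines, limit=MAX_MAILBOX_LEN):
    """Return (line_number, tag, length) for each oversized EXAMINE."""
    hits = []
    for n, line in enumerate(lines, 1):
        length = mailbox_length(line)
        if length is not None and length > limit:
            tag = line.split(None, 1)[0].decode("ascii", "replace")
            hits.append((n, tag, length))
    return hits


# Constructed sample of client-to-server IMAP lines (not captured traffic).
SAMPLE = [
    b"a001 LOGIN user pass\r\n",
    b'a002 EXAMINE "INBOX"\r\n',
    b"a003 examine " + b"A" * 600 + b"\r\n",
    b"a004 EXAMINE {4096}\r\n",
    b"a005 SELECT " + b"B" * 600 + b"\r\n",
]

if __name__ == "__main__":
    for hit in flag_examine(SAMPLE):
        print("oversized EXAMINE argument: line %d tag %s length %d" % hit)
```

Because the flaw is post-authentication, a hit also identifies a session that holds valid credentials, which is worth correlating with the preceding LOGIN.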