Detections
Analytics
EasyMail Objects IMAP4 Component Connect Method Remote Overflow
high Nessus Plugin ID 24355
Synopsis
A COM object on the remote Windows host is affected by a buffer overflow vulnerability.Description
EasyMail Objects, a set of COM objects for supporting email protocols, is installed on the remote Windows host.The IMAP4 component of the version of the DjVu Browser Plug-in installed on the remote host reportedly is affected by a stack buffer overflow in the 'Connect' method that can be triggered with a 500+ character hostname. An attacker may be able to leverage this issue to execute arbitrary code on the remote host subject to the user's privileges.
Solution
Install the latest version of EasyMail Objects 6.5 or later as that is rumoured to fix the issue.See Also
http://www.nessus.org/u?6cbe0b07
https://www.securityfocus.com/archive/1/460237/30/0/threaded
Plugin Details
Severity: High
ID: 24355
File Name: easymail_objects_imap_connect_overflow.nasl
Version: 1.15
Type: local
Agent: windows
Family: Windows
Published: 2/16/2007
Updated: 11/15/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.6
Temporal Score: 6
Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C
Vulnerability Information
Required KB Items: SMB/Registry/Enumerated
Exploit Available: true
Exploit Ease: Exploits are available
Vulnerability Publication Date: 2/15/2007
Reference Information
CVE: CVE-2007-1029
BID: 22583