Vulnerabilities > CVE-2006-6336 - Remote Heap-Based Buffer Overflow vulnerability in Eudora Worldmail Management Server 3.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Windows |
| NASL id | WORLDMAIL_MAILMA_OVERFLOW.NASL |
| description | The remote host is running Eudora WorldMail, a commercial mail server for Windows. According to its banner, the version of Eudora Worldmail installed on the remote host contains a heap-based buffer overflow flaw in its Mail Management Agent. Using a specially crafted request, an unauthenticated, remote attacker may be able to leverage this issue to crash the affected service or execute arbitrary code on the remote host. Since the service runs with LOCAL SYSTEM privileges by default, this could lead to a complete compromise of the affected host. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 24757 |
| published | 2007-03-05 |
| reporter | This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/24757 |
| title | Eudora WorldMail Mail Management Server (MAILMA.exe) Remote Overflow |
References
- http://osvdb.org/32587
- http://secunia.com/advisories/23622
- http://securitytracker.com/id?1017474
- http://www.securityfocus.com/archive/1/456077/100/0/threaded
- http://www.securityfocus.com/bid/21897
- http://www.vupen.com/english/advisories/2007/0066
- http://www.zerodayinitiative.com/advisories/ZDI-07-001.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31325