Remote Code Execution and Denial of Service in MailEnable Professional and Enterprise
CVE-2006-5177

Currently unrated

Key Information:

Vendor

Mailenable

Status
Mailenable Enterprise
Mailenable Professional
Vendor
CVE Published:
10 October 2006

What is CVE-2006-5177?

The NTLM authentication mechanism in MailEnable Professional and Enterprise versions 2.0 is vulnerable to exploitation by remote attackers. This vulnerability allows unauthorized execution of arbitrary code through specifically crafted base64 encoded NTLM Type 3 messages. Additionally, attackers can trigger a denial of service by exploiting crafted NTLM Type 1 messages that cause a buffer over-read, potentially leading to service disruption.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/29287
vdb-entryx_refsource_XF
http://secunia.com/advisories/22179
third-party-advisoryx_refsource_SECUNIA
http://www.mailenable.com/hotfix/
x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.