Stack-based Buffer Overflow in IceWarp Merak Mail Server
CVE-2009-1516

Currently unrated

Key Information:

Vendor: Icewarp
Status: Merak Mail Server
Vendor: CVE Published:; 4 May 2009

What is CVE-2009-1516?

A stack-based buffer overflow exists in the IceWarp Merak Mail Server due to improper handling of input within the IceWarpServer.APIObject ActiveX control in api.dll. This vulnerability can be exploited when an attacker supplies a large value as the second argument to the Base64FileEncode method, potentially allowing the execution of arbitrary code within the context of the affected application. Care should be taken when processing untrusted input, as this may lead to unauthorized access or system compromise.

References

https://www.exploit-db.com/exploits/8542

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/34739

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2009
Vulnerability Reserved
May 4, 2009

JSON

Icewarp

What is CVE-2009-1516?

References

Timeline