CVE-2006-6423

MailEnable <2.35 - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16475
exploitdb WORKING POC VERIFIED
by mu-b · perl · remote · windows
https://www.exploit-db.com/exploits/3320
exploitdb WORKING POC VERIFIED
by mu-b · perl · remote · windows
https://www.exploit-db.com/exploits/3319
metasploit WORKING POC GREAT
by MC · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/imap/mailenable_login.rb

Scores

EPSS 0.4744
EPSS Percentile 97.7%

Details

Status published
Products (34)
mailenable/mailenable_enterprise 1.1
mailenable/mailenable_enterprise 1.2
mailenable/mailenable_enterprise 1.11
mailenable/mailenable_enterprise 1.12
mailenable/mailenable_enterprise 1.13
mailenable/mailenable_enterprise 1.14
mailenable/mailenable_enterprise 1.15
mailenable/mailenable_enterprise 1.16
mailenable/mailenable_enterprise 1.17
mailenable/mailenable_enterprise 1.18
... and 24 more
Published Dec 12, 2006
Tracked Since Feb 18, 2026