Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: denial

MailEnable HTTPMail Service Content-Length Overflow Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Checks for Content-Length Overflow Vulnerability in MailEnable HTTPMail Service

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server is affected by a buffer overflow vulnerability.

Description :

The target is running at least one instance of MailEnable that has a
flaw in the HTTPMail service (MEHTTPS.exe) in the Professional and
Enterprise Editions. The flaw can be exploited by issuing an HTTP GET
with an Content-Length header exceeding 100 bytes, which causes a
fixed-length buffer to overflow, crashing the HTTPMail service and
possibly allowing for arbitrary code execution.

See also :

Solution :

Upgrade to MailEnable Professional / Enterprise 1.2 or later or apply
the HTTPMail hotfix from 9th August 2004 found at

Threat Level:

Critical / CVSS Base Score : 10

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.