Vulnerability Report

CVE-2007-2795

RCE

Title: Ipswitch Imail RCE

RCE

Proof Of Concept

PoC Available for CVE-2007-2795

CWE Category CWE-119

Published Date Jan 27, 2009

Modified Date Apr 09, 2025

Exploit Status Available

Score 9.0 CVSS v2.0

Exploit Probability (EPSS)

17.55%

Vulnerability Summary

CVE-2007-2795: Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.

Impacted Vendors

ipswitch 1

Reference Links

http://www.ipswitch.com/support/imail/releases/im200621.asp http://www.zerodayinitiative.com/advisories/ZDI-07-042/ http://www.zerodayinitiative.com/advisories/ZDI-07-043/ http://www.ipswitch.com/support/imail/releases/im200621.asp http://www.zerodayinitiative.com/advisories/ZDI-07-042/ http://www.zerodayinitiative.com/advisories/ZDI-07-043/

CVSS v2.0

Source Entity [email protected]

Severity HIGH

9.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:S/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2007-2795 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/9662

View Code

April 09, 2025 MODIFIED

Vulnerability data or affected products updated.

January 27, 2009 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:L/Au:S/C:C/I:C/A:C

Affected Stack

No specific products linked.