HTTP: Ipswitch IMail ActiveX Control
This signature detects attempts to exploit a known vulnerability in the Ipswitch IMail. An attacker can create a malicious Web site containing Web pages with dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Multiple buffer overflows in the IMAILAPILib ActiveX control (IMailAPI.dll) in Ipswitch IMail Server before 2006.2 allow remote attackers to execute arbitrary code via the (1) WebConnect and (2) Connect members in the (a) IMailServer control; (3) Sync3 and (4) Init3 members in the (b) IMailLDAPService control; and the (5) SetReplyTo member in the (c) IMailUserCollection control.
Affected Products
Ipswitch imail_plus
Short Name
HTTP:STC:ACTIVEX:IPSWITCH-IMAIL
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
ActiveX CVE-2007-1637 Control IMail Ipswitch
Release Date
03/21/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Ipswitch
CVSS Score
9.3