The remote server is running at least one instance of IMP whose version number is 3.2.4 or lower. Such versions are vulnerable to a cross-scripting attack whereby an attacker may be able to inject arbitrary content, including script, in a specially crafted MIME message. To have an effect, the victim must be using Internet Explorer to access IMP and be using the inline MIME viewer for HTML messages. This vulnerability is a variation on the one reported here : - http://www.greymagic.com/security/advisories/gm005-mc/ Note : OVS has determined the vulnerability exists on the target simply by looking at the version number of IMP installed there, it has not attempted to actually exploit the vulnerability.

Upgrade to IMP version 3.2.5 or later.