Summary
The target is running at least one instance of MailEnable (http://www.mailenable.com/) with a flaw in the HTTPMail service (MEHTTPS.exe) of the Professional and Enterprise Editions. An HTTP request exceeding 4045 bytes (8500 if logging is disabled) causes a heap buffer overflow that crashes the HTTPMail service and may allow arbitrary code execution.
Solution
Upgrade to MailEnable Professional / Enterprise 1.19 or later.
Severity
Classification
CVE: CVE-2004-2727
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P