CVE-2005-3155
Published 2005-10-05
CVE-2005-3155: Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 allows remote attackers to execute arbitrary code.
Priority: P3 54 | high | 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 63.69% (99.1th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mailenable | mailenable_enterprise | — | — |
| mailenable | mailenable_professional | — | — |
Detection & IOCs
bytes: \x81\xec\x96\x40\x00\x00\x66\x81\xe4\xf0\xff
bytes: \xeb\x06 + pack('V', 0x1001c019)
- Detect oversized IMAP SELECT commands (~6196+ bytes) on port 143 targeting MailEnable IMAPD, indicative of buffer overflow exploitation attempt.
- Check IMAP banner for 'MailEnable Service, Version: 0-1.54' to identify vulnerable installations.
- Exploitation requires valid IMAP credentials; monitor for successful IMAP LOGIN followed immediately by an abnormally large SELECT command.
- Look for the SEH overwrite pattern: short JMP opcode \xeb\x06 followed by the return address 0x1001c019 (MEAISP.DLL) within an IMAP SELECT payload.
- W3C logging must be enabled on the MailEnable IMAPD service for the vulnerability to be exploitable; it is NOT enabled by default.
- The exploit requires a valid IMAP username and password, meaning unauthenticated exploitation is not possible.
- The return address 0x1001c019 in MEAISP.DLL is specific to MailEnable 1.54 Pro Universal; other versions may require different offsets.
- Bad characters \x00, \x0a, \x0d, \x20 cannot appear in the payload, constraining shellcode selection.
No detection rules found.
Exploit-DB
MailEnable - IMAPD W3C Logging Buffer Overflow (Metasploit)
exploitdb·2010-06-15
---
##
# $Id: mailenable_w3c_select.rb 9525 2010-06-15 07:18:08Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'MailEnable IMAPD W3C Logging Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow in the W3C logging
functionality of the MailEnable IMAPD service. Logging is
not enabled by default and this exploit requires a valid
username and password to exploit the flaw. MailEnable
Professional version 1.6 and prior and MailEnable Enterprise
version 1
Exploit-DB
MailEnable 1.54 Pro - Universal IMAPD W3C Logging Buffer Overflow (Metasploit)
exploitdb·2005-11-20
---
##
# This file is part of the Metasploit Framework and may be redistributed
# according to the licenses defined in the Authors field below. In the
# case of an unknown or missing license, this file defaults to the same
# license as the core Framework (dual GPLv2 and Artistic). The latest
# version of the Framework can always be obtained from metasploit.com.
##
package Msf::Exploit::mailenable_imap_w3c;
use strict;
use base 'Msf::Exploit';
use Msf::Socket::Tcp;
use Pex::Text;
my $advanced = {
};
my $info = {
'Name' => 'MailEnable IMAPD W3C Logging Buffer Overflow',
'Version' => '$Revision: 1.1 $',
'Authors' => [ 'y0 ', ],
'Arch' => [ 'x86' ],
'OS' => [ 'win32', 'winnt', 'win2000', 'winxp', 'win2003'],
'P
Metasploit
MailEnable IMAPD W3C Logging Buffer Overflow
metasploit
This module exploits a buffer overflow in the W3C logging functionality of the MailEnable IMAPD service. Logging is not enabled by default and this exploit requires a valid username and password to exploit the flaw. MailEnable Professional version 1.6 and prior and MailEnable Enterprise version 1.1 and prior are affected.
No writeups or analysis indexed.
Published: 2005-10-05