CVE-2005-3155
published 2005-10-05

CVE-2005-3155: Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 allows remote attackers to execute arbitrary code.

Priority: P354, high, 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 63.69% (99.1th percentile)

Affected

2 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| mailenable | mailenable_enterprise | | |
| mailenable | mailenable_professional | | |

Detection & IOCs (extracted from sources)

port: 143
other: 0x1001c019 (MEAISP.DLL return address)
command: a01 SELECT <6196-byte buffer><SEH payload>
bytes: \x81\xec\x96\x40\x00\x00\x66\x81\xe4\xf0\xff
bytes: \xeb\x06 + pack('V', 0x1001c019)
  • Detect oversized IMAP SELECT commands (~6196+ bytes) on port 143 targeting MailEnable IMAPD, indicative of buffer overflow exploitation attempt.
  • Check IMAP banner for 'MailEnable Service, Version: 0-1.54' to identify vulnerable installations.
  • Exploitation requires valid IMAP credentials; monitor for successful IMAP LOGIN followed immediately by an abnormally large SELECT command.
  • Look for the SEH overwrite pattern: short JMP opcode \xeb\x06 followed by the return address 0x1001c019 (MEAISP.DLL) within an IMAP SELECT payload.
  • W3C logging must be enabled on the MailEnable IMAPD service for the vulnerability to be exploitable; it is NOT enabled by default.
  • The exploit requires a valid IMAP username and password, meaning unauthenticated exploitation is not possible.
  • The return address 0x1001c019 in MEAISP.DLL is specific to MailEnable 1.54 Pro Universal; other versions may require different offsets.
  • Bad characters \x00, \x0a, \x0d, \x20 cannot appear in the payload, constraining shellcode selection.
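
The detection notes above, written out as an added example (not code from the source page or from MailEnable): a Python check over the reassembled lines of one IMAP session that flags an oversized SELECT argument, records whether it was the first command after a successful LOGIN, and looks for the listed SEH byte pattern. The 1024-byte threshold, the ("C"/"S", bytes) event format, the allowance for up to two padding bytes and both sample sessions are assumptions of this example.

```python
import re

SELECT_LIMIT = 1024  # assumed alert threshold, well below the ~6196 bytes cited
# \xeb\x06 short JMP, then 0x1001c019 in little-endian byte order; allowing up
# to two padding bytes between them is an assumption of this example.
SEH_PATTERN = re.compile(rb"\xeb\x06.{0,2}\x19\xc0\x01\x10", re.DOTALL)
COMMAND = re.compile(rb"(\S+) ([A-Za-z]+)(?: (.*))?\Z", re.DOTALL)

def scan_session(events):
    """events: ordered ("C"|"S", bytes) lines of one port-143 session."""
    alerts, login_tag, authed, since_login = [], None, False, None
    for direction, raw in events:
        line = raw.rstrip(b"\r\n")
        if direction == "S":
            # A tagged OK for the pending LOGIN marks the session authenticated.
            if login_tag and line.startswith(login_tag + b" OK"):
                authed, since_login, login_tag = True, 0, None
            continue
        m = COMMAND.match(line)
        if not m:
            continue
        tag, verb, arg = m.group(1), m.group(2).upper(), m.group(3) or b""
        if verb == b"LOGIN":
            login_tag = tag
        elif authed:
            since_login += 1  # count client commands issued after LOGIN
        if verb == b"SELECT" and len(arg) > SELECT_LIMIT:
            alerts.append({
                "tag": tag.decode("ascii", "replace"),
                "arg_len": len(arg),
                "authenticated": authed,
                "first_after_login": authed and since_login == 1,
                "seh_pattern": bool(SEH_PATTERN.search(arg)),
            })
    return alerts

# Constructed sample sessions (not captured traffic).
BENIGN = [("C", b"a00 LOGIN alice pw\r\n"), ("S", b"a00 OK LOGIN completed\r\n"),
          ("C", b"a01 SELECT INBOX\r\n")]
SUSPECT = [("C", b"a00 LOGIN alice pw\r\n"), ("S", b"a00 OK LOGIN completed\r\n"),
           ("C", b"a01 SELECT " + b"A" * 6196 + b"\xeb\x06\x19\xc0\x01\x10\r\n")]

if __name__ == "__main__":
    for name, session in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(name, scan_session(session))
```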