Vulnerability Details CVE-2006-5177
The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.054
EPSS Ranking 89.6%
CVSS Severity
CVSS v2 Score 9.3
References
- http://labs.musecurity.com/advisories/MU-200609-01.txt
- http://secunia.com/advisories/22179
- http://www.mailenable.com/hotfix/
- http://www.securityfocus.com/bid/20290
- http://www.vupen.com/english/advisories/2006/3862
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29286
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29287
- http://labs.musecurity.com/advisories/MU-200609-01.txt
- http://secunia.com/advisories/22179
- http://www.mailenable.com/hotfix/
- http://www.securityfocus.com/bid/20290
- http://www.vupen.com/english/advisories/2006/3862
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29286
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29287
Products affected by CVE-2006-5177
-
cpe:2.3:a:mailenable:mailenable_enterprise:2.0
-
cpe:2.3:a:mailenable:mailenable_professional:2.0