Vulnerability Details CVE-2010-2580
The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/41175
- http://secunia.com/secunia_research/2010-112/
- http://www.mailenable.com/Enterprise-ReleaseNotes.txt
- http://www.mailenable.com/Professional-ReleaseNotes.txt
- http://www.mailenable.com/Standard-ReleaseNotes.txt
- http://www.mailenable.com/hotfix/
- http://www.securityfocus.com/archive/1/513648/100/0/threaded
- http://www.securityfocus.com/bid/43182
- http://www.securitytracker.com/id?1024427
- http://secunia.com/advisories/41175
- http://secunia.com/secunia_research/2010-112/
- http://www.mailenable.com/Enterprise-ReleaseNotes.txt
- http://www.mailenable.com/Professional-ReleaseNotes.txt
- http://www.mailenable.com/Standard-ReleaseNotes.txt
- http://www.mailenable.com/hotfix/
- http://www.securityfocus.com/archive/1/513648/100/0/threaded
- http://www.securityfocus.com/bid/43182
- http://www.securitytracker.com/id?1024427
Products affected by CVE-2010-2580
-
cpe:2.3:a:mailenable:mailenable:1.00
-
cpe:2.3:a:mailenable:mailenable:1.01
-
cpe:2.3:a:mailenable:mailenable:1.02
-
cpe:2.3:a:mailenable:mailenable:1.03
-
cpe:2.3:a:mailenable:mailenable:1.04
-
cpe:2.3:a:mailenable:mailenable:1.1
-
cpe:2.3:a:mailenable:mailenable:1.2
-
cpe:2.3:a:mailenable:mailenable:1.21
-
cpe:2.3:a:mailenable:mailenable:1.22
-
cpe:2.3:a:mailenable:mailenable:1.23
-
cpe:2.3:a:mailenable:mailenable:1.24
-
cpe:2.3:a:mailenable:mailenable:1.25
-
cpe:2.3:a:mailenable:mailenable:1.26
-
cpe:2.3:a:mailenable:mailenable:3.0
-
cpe:2.3:a:mailenable:mailenable:3.01
-
cpe:2.3:a:mailenable:mailenable:3.02
-
cpe:2.3:a:mailenable:mailenable:3.03
-
cpe:2.3:a:mailenable:mailenable:3.04
-
cpe:2.3:a:mailenable:mailenable:3.10
-
cpe:2.3:a:mailenable:mailenable:3.11
-
cpe:2.3:a:mailenable:mailenable:3.12
-
cpe:2.3:a:mailenable:mailenable:3.13
-
cpe:2.3:a:mailenable:mailenable:3.14
-
cpe:2.3:a:mailenable:mailenable:3.5
-
cpe:2.3:a:mailenable:mailenable:3.51
-
cpe:2.3:a:mailenable:mailenable:3.52
-
cpe:2.3:a:mailenable:mailenable:3.53
-
cpe:2.3:a:mailenable:mailenable:3.6
-
cpe:2.3:a:mailenable:mailenable:3.61
-
cpe:2.3:a:mailenable:mailenable:3.62
-
cpe:2.3:a:mailenable:mailenable:3.63
-
cpe:2.3:a:mailenable:mailenable:4.0
-
cpe:2.3:a:mailenable:mailenable:4.01
-
cpe:2.3:a:mailenable:mailenable:4.1
-
cpe:2.3:a:mailenable:mailenable:4.11
-
cpe:2.3:a:mailenable:mailenable:4.12
-
cpe:2.3:a:mailenable:mailenable:4.13
-
cpe:2.3:a:mailenable:mailenable:4.14
-
cpe:2.3:a:mailenable:mailenable:4.15
-
cpe:2.3:a:mailenable:mailenable:4.16
-
cpe:2.3:a:mailenable:mailenable:4.17
-
cpe:2.3:a:mailenable:mailenable:4.22
-
cpe:2.3:a:mailenable:mailenable:4.23
-
cpe:2.3:a:mailenable:mailenable:4.24
-
cpe:2.3:a:mailenable:mailenable:4.25