CVE-2010-2580

EUVD-2010-2584
The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
mailenablemailenable
𝑥
≤ 4.25
mailenablemailenable
4.0
mailenablemailenable
4.1
mailenablemailenable
4.01
mailenablemailenable
4.11
mailenablemailenable
4.12
mailenablemailenable
4.13
mailenablemailenable
4.14
mailenablemailenable
4.15
mailenablemailenable
4.16
mailenablemailenable
4.17
mailenablemailenable
4.22
mailenablemailenable
4.23
mailenablemailenable
4.24
mailenablemailenable
𝑥
≤ 4.25
mailenablemailenable
4.0
mailenablemailenable
4.01
mailenablemailenable
4.1
mailenablemailenable
4.13
mailenablemailenable
4.14
mailenablemailenable
4.16
mailenablemailenable
4.17
mailenablemailenable
4.22
mailenablemailenable
4.23
mailenablemailenable
4.24
mailenablemailenable
𝑥
≤ 4.25
mailenablemailenable
4.0
mailenablemailenable
4.01
mailenablemailenable
4.1
mailenablemailenable
4.11
mailenablemailenable
4.12
mailenablemailenable
4.13
mailenablemailenable
4.14
mailenablemailenable
4.15
mailenablemailenable
4.16
mailenablemailenable
4.17
mailenablemailenable
4.22
mailenablemailenable
4.23
mailenablemailenable
4.24
mailenablemailenable
3.61
mailenablemailenable
3.62
mailenablemailenable
3.63
mailenablemailenable
3.0
mailenablemailenable
3.01
mailenablemailenable
3.02
mailenablemailenable
3.03
mailenablemailenable
3.04
mailenablemailenable
3.5
mailenablemailenable
3.6
mailenablemailenable
3.10
mailenablemailenable
3.11
mailenablemailenable
3.12
mailenablemailenable
3.13
mailenablemailenable
3.14
mailenablemailenable
3.51
mailenablemailenable
3.52
mailenablemailenable
3.53
mailenablemailenable
3.61
mailenablemailenable
3.62
mailenablemailenable
3.63
mailenablemailenable
3.0
mailenablemailenable
3.01
mailenablemailenable
3.02
mailenablemailenable
3.03
mailenablemailenable
3.04
mailenablemailenable
3.5
mailenablemailenable
3.6
mailenablemailenable
3.10
mailenablemailenable
3.11
mailenablemailenable
3.12
mailenablemailenable
3.13
mailenablemailenable
3.14
mailenablemailenable
3.51
mailenablemailenable
3.52
mailenablemailenable
3.53
mailenablemailenable
3.61
mailenablemailenable
3.62
mailenablemailenable
3.63
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/41175
http://secunia.com/secunia_research/2010-112/
http://www.mailenable.com/Enterprise-ReleaseNotes.txt
http://www.mailenable.com/Professional-ReleaseNotes.txt
http://www.mailenable.com/Standard-ReleaseNotes.txt
http://www.mailenable.com/hotfix/
http://www.securityfocus.com/archive/1/513648/100/0/threaded
http://www.securityfocus.com/bid/43182
http://www.securitytracker.com/id?1024427
http://secunia.com/advisories/41175
http://secunia.com/secunia_research/2010-112/
http://www.mailenable.com/Enterprise-ReleaseNotes.txt
http://www.mailenable.com/Professional-ReleaseNotes.txt
http://www.mailenable.com/Standard-ReleaseNotes.txt
http://www.mailenable.com/hotfix/
http://www.securityfocus.com/archive/1/513648/100/0/threaded
http://www.securityfocus.com/bid/43182
http://www.securitytracker.com/id?1024427