Rule:

--
Sid: 
4637

-- 
Summary: 
This event is generated when an attempt is made to exploit a known vulnerability in MailEnable.

-- 
Impact: 
Serious. Command and code execution may be possible.

--
Detailed Information:
MailEnable is a messaging application for the Microsoft Windows operating system.

An error in the processing of the Authorization header in the HTTPMail Connector service may allow an attacker to execute commands on the target system or execute code of the attackers choosing in the context of the user running the application.

--
Affected Systems:
MailEnable Enterprise 1.04 and prior
MailEnable Professional 1.54 and prior

--
Attack Scenarios: 
An attacker needs to supply an Authorization header greater than 261 bytes to cause the overflow condition to occur.

-- 
Ease of Attack: 
Simple.

-- 
False Positives:
None Known

--
False Negatives:
None Known

-- 
Corrective Action: 
Apply the appropriate vendor supplied patch

Upgrade to the latest non-affected version of the software.

--
Contributors: 
Sourcefire Vulnerability Research Team
Alex Kirk <akirk@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

--
