{"api_version":"1","generated_at":"2026-04-23T18:34:43+00:00","cve":"CVE-2007-3925","urls":{"html":"https://cve.report/CVE-2007-3925","api":"https://cve.report/api/cve/CVE-2007-3925.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-3925","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-3925"},"summary":{"title":"CVE-2007-3925","description":"Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-07-21 00:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-119","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.5","severity":"","vector":"AV:N/AC:L/Au:S/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease","name":"http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Ipswitch IMail Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2007/2574","name":"http://www.vupen.com/english/advisories/2007/2574","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/26123","name":"http://secunia.com/advisories/26123","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Ipswitch IMail Server/Collaboration Suite Multiple Buffer Overflows - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1018419","name":"http://www.securitytracker.com/id?1018419","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IMail Server Buffer Overflows in IMAP 'search' and 'search charset' Commands Let Remote Authenticated Users Execute Arbitrary Code - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35496","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35496","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/24962","name":"http://www.securityfocus.com/bid/24962","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"Ipswitch IMail Server Multiple Buffer Overflow Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563","name":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35500","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35500","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-3925","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-3925","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"3925","vulnerable":"1","versionEndIncluding":"2006.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ipswitch","cpe5":"imail_server","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"3925","vulnerable":"1","versionEndIncluding":"2006.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"ipswitch","cpe5":"ipswitch_collaboration_suite","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T14:37:05.326Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"ADV-2007-2574","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/2574"},{"name":"24962","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/24962"},{"name":"20070718 Ipswitch IMail Server 2006 IMAP Search Command Buffer Overflow Vulnerability","tags":["third-party-advisory","x_refsource_IDEFENSE","x_transferred"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563"},{"name":"1018419","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018419"},{"name":"ipswitch-imail-search-bo(35496)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35496"},{"name":"ipswitch-imail-searchcharset-bo(35500)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35500"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease"},{"name":"26123","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/26123"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-07-18T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"ADV-2007-2574","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/2574"},{"name":"24962","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/24962"},{"name":"20070718 Ipswitch IMail Server 2006 IMAP Search Command Buffer Overflow Vulnerability","tags":["third-party-advisory","x_refsource_IDEFENSE"],"url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563"},{"name":"1018419","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018419"},{"name":"ipswitch-imail-search-bo(35496)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35496"},{"name":"ipswitch-imail-searchcharset-bo(35500)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35500"},{"tags":["x_refsource_CONFIRM"],"url":"http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease"},{"name":"26123","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/26123"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-3925","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"ADV-2007-2574","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/2574"},{"name":"24962","refsource":"BID","url":"http://www.securityfocus.com/bid/24962"},{"name":"20070718 Ipswitch IMail Server 2006 IMAP Search Command Buffer Overflow Vulnerability","refsource":"IDEFENSE","url":"http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=563"},{"name":"1018419","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018419"},{"name":"ipswitch-imail-search-bo(35496)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35496"},{"name":"ipswitch-imail-searchcharset-bo(35500)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/35500"},{"name":"http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease","refsource":"CONFIRM","url":"http://docs.ipswitch.com/IMail%202006.21/ReleaseNotes/IMail_RelNotes.htm#NewRelease"},{"name":"26123","refsource":"SECUNIA","url":"http://secunia.com/advisories/26123"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-3925","datePublished":"2007-07-21T00:00:00.000Z","dateReserved":"2007-07-20T00:00:00.000Z","dateUpdated":"2024-08-07T14:37:05.326Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-07-21 00:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-119","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ipswitch:imail_server:*:*:*:*:*:*:*:*","versionEndIncluding":"2006.2","matchCriteriaId":"B64F51E1-D2B5-4E9D-962E-2DCD2B82919B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ipswitch:ipswitch_collaboration_suite:*:*:*:*:*:*:*:*","versionEndIncluding":"2006.2","matchCriteriaId":"DEFD422E-19B4-4789-BA0D-42C90C4A5AE9"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"3925","Ordinal":"1","Title":"CVE-2007-3925","CVE":"CVE-2007-3925","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"3925","Ordinal":"1","NoteData":"Multiple buffer overflows in the IMAP service (imapd32.exe) in Ipswitch IMail Server 2006 before 2006.21 allow remote authenticated users to execute arbitrary code via the (1) Search or (2) Search Charset command.","Type":"Description","Title":"CVE-2007-3925"},{"CveYear":"2007","CveId":"3925","Ordinal":"2","NoteData":"2007-07-20","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"3925","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}