{"api_version":"1","generated_at":"2026-04-26T02:38:14+00:00","cve":"CVE-2008-1276","urls":{"html":"https://cve.report/CVE-2008-1276","api":"https://cve.report/api/cve/CVE-2008-1276.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-1276","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-1276"},"summary":{"title":"CVE-2008-1276","description":"Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-03-10 23:44:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-119","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9","severity":"","vector":"AV:N/AC:L/Au:S/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.vupen.com/english/advisories/2008/0799/references","name":"http://www.vupen.com/english/advisories/2008/0799/references","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41058","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41058","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1019565","name":"http://www.securitytracker.com/id?1019565","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - MailEnable Buffer Overflows in FETCH, EXAMINE, and UNSUBSCRIBE Commands Let Remote Authenticated Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/29277","name":"http://secunia.com/advisories/29277","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"MailEnable IMAP Service Multiple Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/489270/100/0/threaded","name":"http://www.securityfocus.com/archive/1/489270/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://aluigi.altervista.org/adv/maildisable-adv.txt","name":"http://aluigi.altervista.org/adv/maildisable-adv.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/5249","name":"https://www.exploit-db.com/exploits/5249","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"MailEnable Pro/Ent <= 3.13 (Fetch) post-auth Remote BOF Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/28145","name":"http://www.securityfocus.com/bid/28145","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"MailEnable 3.13 and Prior IMAP Service Multiple Remote Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://securityreason.com/securityalert/3724","name":"http://securityreason.com/securityalert/3724","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityReason - Multiple vulnerabilities in MailEnable Professional/Enterprise 3.13","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-1276","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1276","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"1276","vulnerable":"1","versionEndIncluding":"3.13","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mailenable","cpe5":"mailenable_enterprise","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"1276","vulnerable":"1","versionEndIncluding":"3.13","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mailenable","cpe5":"mailenable_professional","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T08:17:33.548Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"29277","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/29277"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://aluigi.altervista.org/adv/maildisable-adv.txt"},{"name":"5249","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/5249"},{"name":"ADV-2008-0799","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/0799/references"},{"name":"3724","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/3724"},{"name":"20080307 Multiple vulnerabilities in MailEnable Professional/Enterprise 3.13","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/489270/100/0/threaded"},{"name":"1019565","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1019565"},{"name":"28145","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/28145"},{"name":"mailenable-imapservice-bo(41058)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41058"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-03-07T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-11T19:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"29277","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/29277"},{"tags":["x_refsource_MISC"],"url":"http://aluigi.altervista.org/adv/maildisable-adv.txt"},{"name":"5249","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/5249"},{"name":"ADV-2008-0799","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/0799/references"},{"name":"3724","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/3724"},{"name":"20080307 Multiple vulnerabilities in MailEnable Professional/Enterprise 3.13","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/489270/100/0/threaded"},{"name":"1019565","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1019565"},{"name":"28145","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/28145"},{"name":"mailenable-imapservice-bo(41058)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41058"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-1276","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"29277","refsource":"SECUNIA","url":"http://secunia.com/advisories/29277"},{"name":"http://aluigi.altervista.org/adv/maildisable-adv.txt","refsource":"MISC","url":"http://aluigi.altervista.org/adv/maildisable-adv.txt"},{"name":"5249","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/5249"},{"name":"ADV-2008-0799","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/0799/references"},{"name":"3724","refsource":"SREASON","url":"http://securityreason.com/securityalert/3724"},{"name":"20080307 Multiple vulnerabilities in MailEnable Professional/Enterprise 3.13","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/489270/100/0/threaded"},{"name":"1019565","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1019565"},{"name":"28145","refsource":"BID","url":"http://www.securityfocus.com/bid/28145"},{"name":"mailenable-imapservice-bo(41058)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41058"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-1276","datePublished":"2008-03-10T23:00:00.000Z","dateReserved":"2008-03-10T00:00:00.000Z","dateUpdated":"2024-08-07T08:17:33.548Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-03-10 23:44:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-119","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:C/I:C/A:C","baseScore":9,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mailenable:mailenable_enterprise:*:*:*:*:*:*:*:*","versionEndIncluding":"3.13","matchCriteriaId":"E6496BBB-BF66-4CA5-B1E1-BF65D58DEB0E"},{"vulnerable":true,"criteria":"cpe:2.3:a:mailenable:mailenable_professional:*:*:*:*:*:*:*:*","versionEndIncluding":"3.13","matchCriteriaId":"46C4F770-9BCC-42AB-B04C-3ACD60357472"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"1276","Ordinal":"1","Title":"CVE-2008-1276","CVE":"CVE-2008-1276","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"1276","Ordinal":"1","NoteData":"Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in MailEnable Professional Edition and Enterprise Edition 3.13 and earlier allow remote authenticated attackers to execute arbitrary code via long arguments to the (1) FETCH, (2) EXAMINE, and (3) UNSUBSCRIBE commands.","Type":"Description","Title":"CVE-2008-1276"},{"CveYear":"2008","CveId":"1276","Ordinal":"2","NoteData":"2008-03-10","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"1276","Ordinal":"3","NoteData":"2018-10-11","Type":"Other","Title":"Modified"}]}}}