ArGoSoft Mail Server MLSRVX.DLL Arbitrary File Overwrite Vulnerability
BID:25105
Info
ArGoSoft Mail Server MLSRVX.DLL Arbitrary File Overwrite Vulnerability
| Bugtraq ID: | 25105 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 27 2007 12:00AM |
| Updated: | Jul 30 2007 07:25PM |
| Credit: | callAX is credited with the discovery of this vulnerability. |
| Vulnerable: |
ArGo Software Design ArGoSoft Mail Server 1.8.9.1 |
| Not Vulnerable: | |
Discussion
ArGoSoft Mail Server MLSRVX.DLL Arbitrary File Overwrite Vulnerability
ArGoSoft Mail Server is prone to a vulnerability that lets attackers overwrite arbitrary files.
An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow the attacker to cause denial-of-service conditions; other consequences are possible.
ArGoSoft Mail Server 1.8.9.1 is vulnerable; other versions may also be affected.
ArGoSoft Mail Server is prone to a vulnerability that lets attackers overwrite arbitrary files.
An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow the attacker to cause denial-of-service conditions; other consequences are possible.
ArGoSoft Mail Server 1.8.9.1 is vulnerable; other versions may also be affected.
Exploit / POC
ArGoSoft Mail Server MLSRVX.DLL Arbitrary File Overwrite Vulnerability
The following exploit code is available.
The following exploit code is available.
Solution / Fix
ArGoSoft Mail Server MLSRVX.DLL Arbitrary File Overwrite Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
ArGoSoft Mail Server MLSRVX.DLL Arbitrary File Overwrite Vulnerability
References:
References:
- ArGoSoft Mail Server Home Page (ArGo Software Design)