Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16071
HistoryFeb 14, 2007 - 12:00 a.m.

[Full-disclosure] MailEnable DoS POC

2007-02-1400:00:00
vulners.com
22
JSON

The POC attached exploits an out of bounds memory read in the NTLM authentication
routines of MailEnable Pro/Enterprise. The problem lies in the NTLM_UnPack_Type3
function of MENTLM.dll.

This appears to have been silently "patched" somewhere between versions 2.351 and
2.36-7. (observe the quotes).

(c34.dc0): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=8146930b ebx=003a6cc8 ecx=00000040 edx=00000000 esi=8146920b edi=0146b238
eip=0109b4b3 esp=014691e4 ebp=014691ec iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010212
MENTLM!NTLM_UnPack_Type3+0x3019:
0109b4b3 f3a5 rep movs dword ptr es:[edi],dword ptr [esi] es:0023:0146b238=00000000 ds:0023:8146920b=???

([email protected])

JSON