Internet Anywhere Mail Server RETR DoS Vulnerability

Submitting a RETR command with a message ID argument longer than 10 numeric characters will result in a crash of the Internet Anywhere Mail Server. A Doctor Watson error message will appear reporting an access violation by MailServer.exe. Restarting the mail server will resume functionality. This denial of service attack does not affect other running programs, and requires the attacker to have a valid username and password on the POP3 server.


Privacy Statement
Copyright 2010, SecurityFocus