From the release notes -
Addressed the following security vulnerabilities (identified by iDefense
Labs):
[IDEF2159] IMailServer.WebConnect Buffer Overflow Vulnerability
[IDEF2160] IMail Server 2006 IMailLDAPService.Sync3 Heap Overflow
Vulnerability
[IDEF2161] IMail Server 2006 IMailLDAPService.Init3 Heap Overflow
Vulnerability
[IDEF2162] IMail Server 2006 IMailServer.Connect Buffer
[IDEF2163] IMail Server 2006 IMailUserCollection.SetReplyTo Buffer Overflow
Vulnerability
Remote exploitation of an ActiveX control buffer overflow vulnerability in
IMail Server 2006 could allow attackers to execute arbitrary code with the
credentials of the user visiting a malicious website. To exploit this issue,
a user would have to visit a malicious website from a computer with IMail
Server installed on it.The vulnerable component is also likely installed
with any IPSwitch product that includes the IMail Server. This includes
products such as its Collaboration Suite packages.
----- Original Message -----
From: "John T (lists)" <[EMAIL PROTECTED]>
To: <declude.junkmail@declude.com>
Sent: Monday, February 12, 2007 2:16 PM
Subject: RE: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2
What vulnerability in 2006.1 are you referring to? AFAIK, there is none.
John T
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N
Sent: Monday, February 12, 2007 9:44 AM
To: declude.junkmail@declude.com
Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2
Especially since 2006.2 fixes a vulnerabilty in 2006.1 - we'll have to roll
it out quickly.
----- Original Message -----
From: "Scott Fisher" <[EMAIL PROTECTED]>
To: <declude.junkmail@declude.com>
Sent: Monday, February 12, 2007 12:28 PM
Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2
It would be nice to know.
----- Original Message -----
From: "David Barker" <[EMAIL PROTECTED]>
To: <declude.junkmail@declude.com>
Sent: Monday, February 12, 2007 11:05 AM
Subject: RE: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2
We have not tested against IMail 2006.2
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.