CVE-2010-2580

CVE-2010-2580 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not properly perform a length check, which allows remote attackers to cause a denial of service (crash) via a long (1) email address in the MAIL FROM command, or (2) domain name in the RCPT TO command, which triggers an "unhandled invalid parameter error."

Learn more about our Web Application Penetration Testing UK.