iDEFENSE Security Advisory 12.06.05 - Remote exploitation of a format string vulnerability in Ipswitch IMail allows remote attackers to execute arbitrary code. The vulnerability specifically exists due to improper use of functions which allow format specifiers in the SMTP service included with ICS. Remote attackers can supply format string values to certain string functions to cause memory corruption leading to remote code execution. iDEFENSE Labs has confirmed the existence of this vulnerability in Ipswitch Collaboration Suite 8.20.
752a52103a553eaf68282f1f873af0ee1abcdcfb07621d82ea276ccbf0d65e3b