Secunia Research has discovered two vulnerabilities in MailEnable, which can be exploited by malicious people to cause a DoS (Denial of Service). An insufficient length check when appending data to a predefined log message into a buffer using strcat_s() may result in an unhandled invalid parameter error. This can be exploited to crash the SMTP service (MESMTPC.exe) via an overly long email address in the "MAIL FROM" command. An insufficient length check when copying data with a predefined log message into a buffer using strcpy_s() may result in an unhandled invalid parameter error. This can be exploited to crash the SMTP service (MESMTPC.exe) via an overly long domain name in the "RCPT TO" command.
b390e4462d7181ab22d988e0eaeb3fed9186ac4bba863901c1fa5b907f6d21bb