This Metasploit module exploits a buffer overflow in the W3C logging functionality of the MailEnable IMAPD service. Logging is not enabled by default and this exploit requires a valid username and password to exploit the flaw. MailEnable Professional version 1.6 and prior and MailEnable Enterprise version 1.1 and prior are affected.
7094ed083e302ef685862bc36e8a4e257722a626bc842428e2cb88d10634019d
MailEnable proof of concept exploit for the W3C logging vulnerability. The shellcode used actually renames the vulnerable binary to disable the system from being vulnerable.
c9cdae7c9b4feeea86406fb868c994266fb649ece1b3e7eccb2bbcc0360a1efa