Detailed Description
A vulnerability in CMailServer can be exploited by attackers to compromise a vulnerable system.
The vulnerability is caused by a boundary error in the POP3 Class ActiveX control (CMailCOM.dll) when handling arguments passed to the "MoveToFolder()" method. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted POST request to mvmail.asp with an overly long "indexOfMail" parameter.
Successful exploitation allows execution of arbitrary code.
NOTE: Other methods have also been mentioned as vulnerable and may be exploitable similarly.
The vulnerability is confirmed in version 5.4.6. Other versions may also be affected.
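As a stopgap on the request path described above, a filter in front of the webmail can reject POSTs to mvmail.asp whose "indexOfMail" value is too long. The following is an added example, not code from the advisory or the vendor; the 64-character limit, the /mail/ path, the host name and the "folder" field are assumptions, and the sample requests are constructed.

```python
from urllib.parse import urlsplit, parse_qsl

MAX_INDEX_LEN = 64  # assumed limit; the advisory does not state the buffer size


def inspect_request(raw: bytes, max_len: int = MAX_INDEX_LEN):
    """Return findings for one raw HTTP request (empty list if nothing matched)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        return ["malformed request line"]
    url = urlsplit(target)
    # IIS/ASP resolves script names case-insensitively.
    if method.upper() != "POST" or not url.path.lower().endswith("/mvmail.asp"):
        return []
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # Check the query string too, in case the page reads the value from either place.
    fields = parse_qsl(url.query, keep_blank_values=True)
    if headers.get("content-type", "").lower().startswith("application/x-www-form-urlencoded"):
        fields += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    findings = []
    for name, value in fields:
        # ASP collections match keys case-insensitively; length is measured after URL-decoding.
        if name.lower() == "indexofmail" and len(value) > max_len:
            findings.append(f"indexOfMail length {len(value)} exceeds {max_len}")
    return findings


def _req(path, body):
    """Build a constructed sample request (hypothetical host and path)."""
    return (f"POST {path} HTTP/1.1\r\nHost: mail.example.test\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}").encode("latin-1")


SAMPLES = {  # constructed inputs, not captured traffic
    "normal": _req("/mail/mvmail.asp", "indexOfMail=12&folder=Trash"),
    "oversized": _req("/mail/MvMail.asp", "IndexOfMail=" + "%30" * 300),
    "other_page": _req("/mail/login.asp", "user=" + "0" * 300),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, inspect_request(raw) or "ok")
```

Because other methods are reported as possibly vulnerable, this check covers only the mvmail.asp entry point named here and does not replace restricting access to the webmail or disabling the affected control.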