[原文]Multiple buffer overflows in SLWebMail 3 on Windows systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long Language parameter to showlogin.dll, (2) a long CompanyID parameter to recman.dll, (3) a long CompanyID parameter to admin.dll, or (4) a long CompanyID parameter to globallogin.dll.
SLWebMail3 showlogin.dll Language Parameter Remote Overflow
Remote / Network Access
Loss of Integrity
A remote overflow exists in SLWebMail3. The 'Language' parameter in the 'showlogin.dll' module fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a remote attacker could cause arbitrary code execution resulting in a loss of integrity. No further details have been provided.
Contact the vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.