[原文]Format string vulnerability in IMAP4 in IA eMailServer Corporate Edition 5.2.2 build 1051 allows remote attackers to cause a denial of service (application crash) via a LIST command with format string specifiers as the second argument.
IA eMailServer IMAP4 LIST Command Format String Remote DoS
Remote / Network Access,
Local / Remote,
Denial of Service,
Loss of Integrity,
Loss of Availability
IA eMailServer contains a flaw that may allow a remote denial of service. The issue is triggered when the characters '%x' are sent as the second argument to the IMAP4 LIST command, and will result in loss of availability for the service.
Upgrade to version 5.3.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.