1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP ArgoSoft Mail Server ActiveX File Overwrite

HTTP ArgoSoft Mail Server ActiveX File Overwrite

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempt to exploit a file overwrite vulnerability by passing special arguments into a method of ArgoSoft Mail Server MLSRVX.DLL ActiveX control.

Additional Information

ArGoSoft Mail Server is a Windows-based mail server.

ArGoSoft Mail Server is prone to an arbitrary file-overwrite vulnerability. This issue occurs in the 'mlsrv.dll' ActiveX control with CLSID: 3F06B376-8DB8-49D1-8BF8-D4C070EFEBA5. Specifically, the 'Add' and 'SaveToFile' methods permit an attacker to overwrite arbitrary files.

An attacker can exploit this issue to overwrite arbitrary files on the victim's computer in the context of the vulnerable application using the ActiveX control (typically Internet Explorer). Successful exploits will allow attackers to cause denial-of-service conditions; other consequences are possible.

Affected

  • ArGoSoft Mail Server version 1.8.9.1 is vulnerable; other versions may also be affected.

Response

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube