A remote overflow exists in Pegasus Mail. Pegasus Mail fails to validate RFC2822 headers in incoming email messages, resulting in an off-by-one overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Classification
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Unknown
Technical
When displaying the email message headers that conform to RFC2822, it is possible for a constructed header to trigger an 'off-by-one' error. This can potentially lead to the least significant byte of the frame pointer in the handling function being overwritten if the header is 1022 bytes or longer. Code execution using this flaw has been confirmed on Windows XP.
Solution
Upgrade to version 4.31 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
secunia.com - Secunia Research