The IMail Server and Ipswitch Collaboration suite contain flaw in the 'SUBSCRIBE' command of the IMAP daemon running listening on port 143 that allows attackers to execute arbitrary code. Attackers once authenticated can pass a long string to the command thereby causing a exploitable stack-based overflow.
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity,
Loss of Availability
The vendor released an upgrade to fix the vulnerabilities: IMail Server 2006.21 and Collaboration Suite 2006.21