Bugtraq mailing list archives

NetWin CWMail.exe Buffer Overflow
From: "NGSSoftware Insight Security Research" <nisr () nextgenss com>
Date: Wed, 13 Feb 2002 13:14:02 -0000

NGSSoftware Insight Security Research Advisory

Name:             NetWin CWMail.exe Buffer Overflow
Systems Affected: IIS4 & IIS5
Severity:         High
Vendor URL:       http://www.netwinsite.com
Author:           Mark Litchfield (mark () ngssoftware com)
Date:             13th February 2002
Advisory number:  #NISR12022002

CWMail is a fully featured Corporate Web Mail System for institutions or
ISPs using the web as their primary means of access to email.  CWMail is
available for a wide variety of platforms and allows all email processing to
be handled via a client web browser rather than from an email client.

CWMail.exe is the main executable that provides the program's functionality
on Windows platforms.  It would typically be located in either the
'cgi-bin' or 'scripts' directory of an IIS server.  After a successful
logon, selecting the forward (mail) option and filling the parameter
'item=' with a large string of characters causes an access violation: the
saved return address is overwritten, allowing the remote execution of
arbitrary code.
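
For defenders reviewing IIS logs for this condition, the following is an added example and not part of the original advisory. It assumes the 'item' parameter reaches CWMail.exe in the URL query string (IIS does not log POST bodies), and the 256-character threshold and the sample log lines are constructed for illustration.

```python
from urllib.parse import parse_qsl

# Assumption: the advisory only says "a large string", so this cut-off is a
# starting point to tune against your own traffic, not a vendor-stated limit.
MAX_ITEM_LEN = 256

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 5.0",
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2002-02-13 10:01:07 192.0.2.10 GET /scripts/cwmail.exe item=12 200",
    "2002-02-13 10:02:44 192.0.2.77 GET /scripts/CWMail.exe item=" + "A" * 1200 + " 500",
    "2002-02-13 10:03:02 192.0.2.10 GET /default.htm - 200",
    "2002-02-13 10:04:19 192.0.2.78 GET /cgi-bin/cwmail.exe item=" + "%41" * 400 + " 500",
]


def find_oversized_item(lines, max_len=MAX_ITEM_LEN):
    """Return (date, time, client_ip, decoded_length) per oversized 'item='."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive; match either install directory.
        if not row.get("cs-uri-stem", "").lower().endswith("/cwmail.exe"):
            continue
        query = row.get("cs-uri-query", "-")
        if query == "-":
            continue
        # Measure the value after percent-decoding, as the CGI would see it.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == "item" and len(value) > max_len:
                hits.append((row.get("date"), row.get("time"),
                             row.get("c-ip"), len(value)))
    return hits


if __name__ == "__main__":
    for date, time, ip, length in find_oversized_item(SAMPLE_LOG):
        print(f"{date} {time} {ip} item length={length}")
```

Because the overflow is reached only after a successful logon, any hit can be correlated with the authenticated session that issued the request.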

Fix Information
NGSSoftware alerted NetWin to these problems on the 10th of February; NetWin
responded extremely quickly with a patch. This patch has been available from
the 12th of February, and can be downloaded from

We would like to point out that the fix turnaround time of 36 hours is the
fastest that the members of the NISR team have encountered; we would
like to commend NetWin for the speed of their response and
their commitment to the security of their customers.

A check for these issues has been added to Typhon II, of which more
information is available from the NGSSoftware website,

Further Information

For further information about the scope and effects of buffer overflows,
please see

