MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAU.DLL

MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAU.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIAU.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.

N/A

对搜索路径元素未加控制

MailEnable 代码问题漏洞

MailEnable是澳大利亚MailEnable公司的一个基于 Windows 的商业电子邮件服务器。 MailEnable 10.54之前版本存在代码问题漏洞，该漏洞源于不安全DLL加载，可能导致本地任意代码执行。

N/A

N/A