Novell NetMail versions 3.52d and prior contain a vulnerability that could allow an authenticated, remote attacker to execute arbitrary code.
The vulnerability exists due to insufficient validation of user-supplied input passed to the Network Messaging Application Protocol (NMAP) service, nmapd.exe. An authenticated, remote attacker could exploit this vulnerability by submitting an excessive amount of crafted data to nmapd.exe as a parameter of the STOR command. This action could trigger a buffer overflow, allowing the attacker to execute arbitrary code with potentially elevated privileges.
Novell confirmed this vulnerability in a technical information document and released updated software.
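The class of bug described above, as an added example that is not Novell's code and not part of the original advisory: an unchecked copy of a command parameter next to a parser that rejects oversized input before any copy happens. The `STOR <parameter>` line syntax, the 64-byte buffer size and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define STOR_ARG_MAX 64 /* assumed buffer size for this sketch; not a value from nmapd.exe */

enum stor_status { STOR_OK = 0, STOR_NOT_STOR = -1, STOR_TOO_LONG = -2, STOR_MALFORMED = -3 };

/* Unsafe pattern (hypothetical): the parameter is copied into a fixed stack
   buffer with no length check, so a long parameter writes past the buffer. */
void stor_arg_unsafe(const char *param) {
    char buf[STOR_ARG_MAX];
    strcpy(buf, param); /* overflows when strlen(param) >= STOR_ARG_MAX */
    (void)buf;
}

/* Hardened pattern (hypothetical): parse one command line of known length and
   reject an oversized parameter instead of truncating or copying it. */
int stor_arg_checked(const char *line, size_t line_len, char *out, size_t out_sz) {
    static const char verb[] = "STOR ";
    const size_t vlen = sizeof verb - 1;
    const char *arg;
    size_t arg_len;

    if (line == NULL || out == NULL || out_sz == 0)
        return STOR_MALFORMED;
    if (line_len < vlen || memcmp(line, verb, vlen) != 0)
        return STOR_NOT_STOR;

    arg = line + vlen;
    arg_len = line_len - vlen;
    /* Strip the trailing CR/LF line terminator. */
    while (arg_len > 0 && (arg[arg_len - 1] == '\r' || arg[arg_len - 1] == '\n'))
        arg_len--;

    if (arg_len == 0 || memchr(arg, '\0', arg_len) != NULL)
        return STOR_MALFORMED; /* empty parameter or embedded NUL */
    if (arg_len >= out_sz)
        return STOR_TOO_LONG;  /* no room for parameter plus terminator */

    memcpy(out, arg, arg_len);
    out[arg_len] = '\0';
    return STOR_OK;
}
```

Logging the `STOR_TOO_LONG` result together with the authenticated account gives defenders a signal for this kind of attempt, since the advisory notes the attacker must be authenticated.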