Secunia

Multiple vulnerabilities have been identified in SLwebmail3, where the most serious can be exploited by malicious people to compromise a vulnerable system.

Some of the vulnerabilities are caused due to boundary errors in many of the ISAPI extensions. This can be exploited by sending a query with an overly long, specially crafted argument supplied to a parameter, which will cause a buffer overflow.

The following modules and parameters have been reported vulnerable:

Module: showlogin.dll
Parameter: Language

Module: recman.dll
Parameter: CompanyID

Module: admin.dll
Parameter: CompanyID

Module: globallogin.dll
Parameter: CompanyID

Another vulnerability is caused due to an access control error, which can be exploited to access arbitrary files on the vulnerable system. The problem is that the ISAPI extension "ShowGodLog.dll" can be accessed by anyone without prior authentication. By providing a relative or absolute path to an arbitrary file on the system, it is possible to read the contents of the file with the privileges of the anonymous Internet account.

An information disclosure vulnerability has also been reported. A malicious person can make invalid requests to certain DLLs (eg. "WebMailReq.dll"), which discloses the physical path to the DLL.

Solution
Reportedly, an update has been released:
Further details available in Customer Area

Provided and/or discovered by
David Litchfield and Mark Litchfield, NGSSoftware.

Original Advisory
http://www.nextgenss.com/advisories/slwebmail-vulns.txt

Deep Links
Links available in Customer Area