COMMAND

    Becky!

SYSTEMS AFFECTED

    Becky! 2.00.05

PROBLEM

    Ichinose  Sayo  found   following.   He   found  Buffer   Overflow
    vulnerabilities in Becky! Internet Mail 2.00.05.  Becky!  Internet
    Mail  is  popular  MUA  (Mail  User  Agent)  designed  for Windows
    operating systems.

    If  the  message  includes  over  65536  bytes  without  new  line
    characters, the buffer will  be overflowed.  Buffer  overflow also
    occurs when attempt  to reply or  forward to the  message included
    over 8188 bytes without new line characters.

    Successful exploitation of  this vulnerability could  allow remote
    attackers to execute arbitrary commands.  Tested Version:

        - Becky! Internet Mail ver 2.00.05
        - Becky! Internet Mail ver 2.00.03

    Web site  that shows  reproducing this  vulnerability is available
    from:

        http://www.lac.co.jp/security/english/test/becky2.html

SOLUTION

    Due to prompt response by  the author, the version 2.00.06,  which
    was fixed this problem, was published.

        http://www.rimarts.co.jp/becky.htm