Becky! Internet Mail, provided by Rimarts, Inc., is a software product used to send and receive e-mail messages. Becky! Internet Mail offers a feature that allows the recipient to reply to a request when a sender requires a confirmation from the recipient upon the viewing of the message.

However, a buffer overflow vulnerability exists within the mail receipt confirmation function in Becky! Internet Mail. When this vulnerability is exploited, there is a possibility that arbitrary code is executed on the computer on which Becky! Internet Mail is installed.

For detailed information, refer to the following URL:
http://www.rimarts.co.jp/index-j.html (in Japanese)

For the latest information, refer to the following URL:
http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000011.html

The IPA first received a report concerning this vulnerability through the creditee below on January 5, 2009, and the JPCERT Coordination Center (JPCERT/CC), in line with the Information Security Early Warning Partnership, made adjustments to clarify the matter with the vendor and made the announcement public on February 12, 2009.
Credit: Yuji Ukai, Fourteenforty Research Institute, Inc.

In the event permission is granted by the recipient to send a receipt confirmation in reply to the message with the tampered request, there is a possibility that involuntary behavior may occur on the computer – such as the execution of unintended programs, deletion of files, and the installation of malicious tools such as viruses and bots.

To fix this vulnerability, update to the fixed version supplied by the vendor.

(1)Evaluation Result

(2) Base Score Metrics

■:Selected Values

The vulnerability has been CWE classified as “Failure to Constrain Operations within the Bounds of the Memory Buffer (Buffer Errors) (CWE-119)”.

IT Security Center,
Information-technology Promotion Agency, Japan (ISEC/IPA)
E-mail: