The flaw, first reported by security researchers at Atlanta-based Internet Security Systems, is present in Sendmail's e-mail server software and could be exploited by someone sending malicious data to a computer running the software at specific time intervals, ISS said.
If exploited in such a manner by an outsider, the flaw could allow the attacker to corrupt the application's memory and gain control of the device.
Sendmail Consortium, which oversees development of non-commercial versions of the e-mail software, released an updated version of the application that includes a security patch meant to fix the flaw.
The group cautioned all users of the Sendmail 8 version of the product to move to the new iteration, Version 8.13.6.
Users of Version 8.12.11 can apply the patch separately, but Sendmail Consortium said the fix would not work with earlier versions and indicated that the update could cause those versions to malfunction.
The affected e-mail server software is a descendant of the original ARPAnet delivermail application and remains one of the most popular forms of MTA (mail transfer agent) used in the world. Sendmail Consortium contends that its Web server platform currently handles roughly 70 percent of the world's e-mail traffic.
Sendmail Inc., which markets commercial versions of the software, said the flaw affected its Sendmail Switch, Managed MTA, Multi-Switch v 3.1.7 and earlier versions, and its Sentrion 1.1 appliance. The glitch also affects its Advanced Message Server, Message Store v 2.2 and Intelligent Quarantine 3.0 applications.
Researchers said that once an attacker gains control of a machine harboring the vulnerability, it is possible that the attacker could then infiltrate a corporate network the exploited computer is connected to. ISS noted that the attacker would not need to trick the computer's user in any way to take advantage of the flaw.