Format string vulnerability in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit imap-2007d and other applications, allows remote attackers to execute arbitrary code via format string specifiers in the initial request to the IMAP port (143/tcp).

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0671)