source: http://www.securityfocus.com/bid/27992/info
SurgeMail is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected service. Failed exploit attempts likely result in denial-of-service conditions.
SurgeMail 38k4 and prior versions are vulnerable.
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/31301.zip