Published: 19/03/2006 Updated: 20/07/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and previous versions allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mercur mercur messaging

/* * mercurcpp * * Atrium Mercur IMAP 50 SP3 Messaging Multiple IMAP Commands Remote Exploit * Copyright (C) 2006 Javaphile Group * wwwjavaphileorg * * Exploits code by : pll EllisonTang[at]gmail[dot]com * * Bug Reference: * wwwfrsirtcom/bulletins/4332 * */ #include <stdioh> #include <timeh> #include ...

## # $Id: mercur_loginrb 10150 2010-08-25 20:55:37Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Me ...

#!/usr/bin/python # # Mercur Messaging 2005 SP3 IMAP service - Egghunter mod # muts@offensive-securitycom # wwwoffensive-securitycom # Original exploit by Winny Thomas # Thanks Thomas, this code really came in handy ! # VMWare seems to alter the stack a bit as the offset # of the EIP overwrite was a few bytes off (Windows XPsp2) # You ...

#!/usr/bin/perl # Tested on Windows 2k Sp4 Italian and English version and Win XP Pro SP2 Italian and English #version # Perl script based on Sami FTP server remote exploit by Critical Security # wwwsecurityfocuscom/bid/17138 # acaro [at] jervusit use IO::Socket::INET; use Switch; if (@ARGV < 2) { print "---------------------------- ...

## # $Id: mercur_imap_select_overflowrb 10394 2010-09-20 08:06:27Z jduck $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/ ...

#!/bin/perl # tested on win2k server SP4 English # ATTENTION! If you have an another valid account you must change the offsets this is only a poc # use IO::Socket::INET; my $host = shift(@ARGV); my $port = 143; my $reply; my $request; my $user = "test"; my $pass = "test"; my $nop = "\x90"x8; my $nop1 = "\x90"x20; my $ret = "\x42\xb2\xc1\x40"; ...

NVD-CWE-Other http://secunia.com/advisories/19267 http://www.securityfocus.com/bid/17138 http://www.osvdb.org/23950 http://www.vupen.com/english/advisories/2006/0977 http://seclists.org/fulldisclosure/2006/Mar/1167 http://seclists.org/fulldisclosure/2006/Mar/1111 https://exchange.xforce.ibmcloud.com/vulnerabilities/25290 https://nvd.nist.gov https://www.exploit-db.com/exploits/1592/

CVE-2006-1255

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect