Published: 10/03/2007 Updated: 29/07/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Subscribe to Mercury Mail Transport System

Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and previous versions allows remote malicious users to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pmail mercury mail transport system

#!/usr/bin/perl # # mercurypown-v1pl # # Mercury/32 <v401b (win32) remote exploit # by mu-b - 28 Nov 2006 # # - Tested on: Mercury/32 v401a (win32) # Mercury/32 v401b (win32) # # Stack-based buffer overflow caused by Mercury/32 concatenating # continuation data into a fixed sized buffer disregarding # the length of the original ...

/* Mercury imap4 server remote buffer overflow exploit author : c0d3r "kaveh razavi" c0d3r@ihsteamcom c0d3r@c0d3rorg package : Mercury mail transport system 401a and prolly prior workaround : upgrade to 401b version advisory : not available right now company address : wwwpmailcom timeline : 15 Sep 2 ...

## # $Id: mercury_loginrb 9583 2010-06-22 19:11:05Z todb $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' class Met ...

NVD-CWE-Other http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/052802.html http://secunia.com/advisories/24367 http://securityreason.com/securityalert/2398 http://osvdb.org/33883 https://exchange.xforce.ibmcloud.com/vulnerabilities/32848 https://nvd.nist.gov https://www.exploit-db.com/exploits/3418/

CVE-2007-1373

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect