MERCUR Messaging IMAP LOGIN command buffer overflow
Added: 07/10/2006
CVE: CVE-2006-1255
BID: 17138
OSVDB: 23950
Background
MERCUR Messaging 2005 is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms.
Problem
A buffer overflow vulnerability in the IMAP service when processing the LOGIN command allows remote attackers to execute arbitrary commands.
Resolution
Apply MERCUR Messaging 2005 Service Pack 4 or higher.
References
http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1104.html
Limitations
Exploit works on MERCUR Messaging 2005 Service Pack 3.
Platforms
Windows 2000 SP0
Windows 2000 SP1
Windows 2000 SP2
Windows 2000 SP3
Windows 2000 / Windows 2000 SP4
Windows XP SP0 / Windows XP SP1
Windows XP / Windows XP SP2
Windows Server 2003
Windows Server 2003 SP1