MERCUR imapd NTLMSSP

Added: 04/03/2007
CVE: CVE-2007-1578
BID: 23058
OSVDB: 33545

Background

MERCUR Messaging Server is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms.

Problem

A buffer overflow vulnerability in MERCUR Messaging Server allows remote attackers to execute arbitrary commands by sending a specially crafted NTLM Type 3 message to the imapd service.

Resolution

Upgrade to MERCUR Messaging Server 5.0 SP5 or higher when available.

References

http://secunia.com/advisories/24596

Limitations

Exploit works on MERCUR Messaging Server 5.0 SP3 and SP4 on Windows 2000.

Platforms

Windows

Back to exploit index