Vulnerabilities > CVE-2003-1200 - Unspecified vulnerability in Alt-N Mdaemon

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
alt-n
exploit available
metasploit

Summary

Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi.

Exploit-Db

  • descriptionAlt-N MDaemon 6.x/WorldClient Form2Raw Raw Message Handler Buffer Overflow Vulnerability (1). CVE-2003-1200. Dos exploit for windows platform
    idEDB-ID:23501
    last seen2016-02-02
    modified2003-12-29
    published2003-12-29
    reporterBehrang Fouladi
    sourcehttps://www.exploit-db.com/download/23501/
    titleAlt-N MDaemon 6.x/WorldClient Form2Raw Raw Message Handler Buffer Overflow Vulnerability 1
  • descriptionMDaemon. CVE-2003-1200. Remote exploit for windows platform
    idEDB-ID:16812
    last seen2016-02-02
    modified2010-07-01
    published2010-07-01
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16812/
    titleMDaemon <= 6.8.5 WorldClient form2raw.cgi Stack Buffer Overflow
  • descriptionAlt-N MDaemon 6.x/WorldClient Form2Raw Raw Message Handler Buffer Overflow Vulnerability (2). CVE-2003-1200. Remote exploit for windows platform
    idEDB-ID:23502
    last seen2016-02-02
    modified2003-12-29
    published2003-12-29
    reporterRosiello Security
    sourcehttps://www.exploit-db.com/download/23502/
    titleAlt-N MDaemon 6.x/WorldClient Form2Raw Raw Message Handler Buffer Overflow Vulnerability 2

Metasploit

descriptionThis module exploits a stack buffer overflow in Alt-N MDaemon SMTP server for versions 6.8.5 and earlier. When WorldClient HTTP server is installed (default), a CGI script is provided to accept html FORM based emails and deliver via MDaemon.exe, by writing the CGI output to the Raw Queue. When X-FromCheck is enabled (also default), the temporary form2raw.cgi data is copied by MDaemon.exe and a stack based overflow occurs when an excessively long From field is specified. The RawQueue is processed every 1 minute by default, to a maximum of 60 minutes. Keep this in mind when choosing payloads or setting WfsDelay... You'll need to wait. Furthermore, this exploit uses a direct memory jump into a nopsled (which isn't very reliable). Once the payload is written into the Raw Queue by Form2Raw, MDaemon will continue to crash/execute the payload until the CGI output is manually deleted from the queue in C:\MDaemon\RawFiles\\*.raw.
idMSF:EXPLOIT/WINDOWS/HTTP/MDAEMON_WORLDCLIENT_FORM2RAW
last seen2020-03-11
modified2017-11-08
published2009-07-03
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1200
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/mdaemon_worldclient_form2raw.rb
titleMDaemon WorldClient form2raw.cgi Stack Buffer Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83045/mdaemon_worldclient_form2raw.rb.txt
idPACKETSTORM:83045
last seen2016-12-05
published2009-11-26
reporterpatrick
sourcehttps://packetstormsecurity.com/files/83045/MDaemon-6.8.5-WorldClient-form2raw.cgi-Stack-Overflow.html
titleMDaemon <= 6.8.5 WorldClient form2raw.cgi Stack Overflow

Saint

bid9317
descriptionMDaemon WorldClient form2raw.cgi From buffer overflow
idmail_web_mdaemonversion
osvdb3255
titlemdaemon_worldclient_form2raw
typeremote