Vulnerabilities > CVE-2006-1255 - Unspecified vulnerability in Mercur Messaging

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
mercur
nessus
exploit available
metasploit

Summary

Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177.

Vulnerable Configurations

Part Description Count
Application
Mercur
1

Exploit-Db

  • descriptionMercur Mailserver 5.0 SP3 (IMAP) Remote Buffer Overflow Exploit. CVE-2006-1255. Remote exploit for windows platform
    idEDB-ID:1592
    last seen2016-01-31
    modified2006-03-19
    published2006-03-19
    reporterpLL
    sourcehttps://www.exploit-db.com/download/1592/
    titleMercur Mailserver 5.0 SP3 IMAP Remote Buffer Overflow Exploit
  • descriptionMercur Messaging 2005. CVE-2006-1255. Remote exploit for windows platform
    idEDB-ID:3540
    last seen2016-01-31
    modified2007-03-21
    published2007-03-21
    reportermuts
    sourcehttps://www.exploit-db.com/download/3540/
    titleMercur Messaging 2005 <= SP4 - IMAP Remote Exploit egghunter mod
  • descriptionMercur Messaging 2005 IMAP Remote Buffer Overflow Exploit. CVE-2006-1255. Remote exploit for windows platform
    idEDB-ID:3133
    last seen2016-01-31
    modified2007-01-15
    published2007-01-15
    reporterJacopo Cervini
    sourcehttps://www.exploit-db.com/download/3133/
    titleMercur Messaging 2005 IMAP Remote Buffer Overflow Exploit
  • descriptionMercur Messaging 2005 IMAP Login Buffer Overflow. CVE-2006-1255. Remote exploit for windows platform
    idEDB-ID:16481
    last seen2016-02-01
    modified2010-08-25
    published2010-08-25
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16481/
    titleMercur Messaging 2005 IMAP Login Buffer Overflow
  • descriptionMercur v5.0 IMAP SP3 SELECT Buffer Overflow. CVE-2006-1255. Remote exploit for windows platform
    idEDB-ID:16476
    last seen2016-02-01
    modified2010-09-20
    published2010-09-20
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16476/
    titleMercur 5.0 - IMAP SP3 SELECT Buffer Overflow

Metasploit

Nessus

NASL familyGain a shell remotely
NASL idMERCUR_IMAP_BUFFER_OVERFLOW.NASL
descriptionThe remote host is running MERCUR Messaging Server / Mailserver, a commercial messaging application for Windows. The IMAP server component of this software fails to properly copy overly-long arguments to LOGIN and SELECT commands, which can be exploited to crash the server and possibly to execute arbitrary code remotely. Note that the services run by default with LOCAL SYSTEM privileges, which means that an unauthenticated attacker can potentially gain complete control of the affected host.
last seen2020-06-01
modified2020-06-02
plugin id21116
published2006-03-22
reporterThis script is Copyright (C) 2006-2018 Ferdy Riphagen
sourcehttps://www.tenable.com/plugins/nessus/21116
titleMERCUR Messaging IMAP Service Multiple Command Remote Overflow

Packetstorm

Saint

bid17138
descriptionMERCUR Messaging IMAP LOGIN command buffer overflow
idmail_imap_mercur
osvdb23950
titlemercur_imap_login
typeremote