Vulnerabilities > CVE-2007-1373 - Remote Security vulnerability in Mercury Mail Transport System

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
pmail
critical
exploit available
metasploit

Summary

Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.

Vulnerable Configurations

Part Description Count
Application
Pmail
1

Exploit-Db

  • descriptionMercury/32. CVE-2007-1373. Remote exploit for windows platform
    idEDB-ID:16473
    last seen2016-02-01
    modified2010-06-22
    published2010-06-22
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16473/
    titleMercury/32 <= 4.01b - LOGIN Buffer Overflow
  • descriptionMercury/32 Mail Server <= 4.01b (check) Buffer Overflow Exploit PoC. CVE-2007-1373. Dos exploit for windows platform
    idEDB-ID:3418
    last seen2016-01-31
    modified2007-03-06
    published2007-03-06
    reportermu-b
    sourcehttps://www.exploit-db.com/download/3418/
    titleMercury/32 Mail Server <= 4.01b check Buffer Overflow Exploit PoC
  • descriptionMercury Mail <= 4.01a (Pegasus) IMAP Buffer Overflow Exploit. CVE-2006-5961,CVE-2007-1373. Remote exploit for windows platform
    idEDB-ID:1223
    last seen2016-01-31
    modified2005-09-20
    published2005-09-20
    reporterc0d3r
    sourcehttps://www.exploit-db.com/download/1223/
    titleMercury Mail <= 4.01a Pegasus IMAP Buffer Overflow Exploit

Metasploit

descriptionThis module exploits a stack buffer overflow in Mercury/32 <= 4.01b IMAPD LOGIN verb. By sending a specially crafted login command, a buffer is corrupted, and code execution is possible. This vulnerability was discovered by (mu-b at digit-labs.org).
idMSF:EXPLOIT/WINDOWS/IMAP/MERCURY_LOGIN
last seen2020-03-09
modified2018-10-28
published2007-05-07
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1373
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/imap/mercury_login.rb
titleMercury/32 4.01 IMAP LOGIN SEH Buffer Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/83126/mercury_login.rb.txt
idPACKETSTORM:83126
last seen2016-12-05
published2009-11-26
reporterMC
sourcehttps://packetstormsecurity.com/files/83126/Mercury-32-4.01b-LOGIN-Buffer-Overflow.html
titleMercury/32 <= 4.01b LOGIN Buffer Overflow

Saint

descriptionMercury IMAP data continuation buffer overflow
idmail_imap_mercury
osvdb33883
titlemercury_imap_continuation
typeremote