Vulnerability Details CVE-2004-1211
Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.805
EPSS Ranking 99.1%
CVSS Severity
CVSS v2 Score 10.0
References
- http://home.kabelfoon.nl/~jaabogae/han/m_401b.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/029701.html
- http://marc.info/?l=bugtraq&m=110193702909991&w=2
- http://secunia.com/advisories/13348
- http://www.osvdb.org/12508
- http://www.securityfocus.com/bid/11775
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18318
- http://home.kabelfoon.nl/~jaabogae/han/m_401b.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/029701.html
- http://marc.info/?l=bugtraq&m=110193702909991&w=2
- http://secunia.com/advisories/13348
- http://www.osvdb.org/12508
- http://www.securityfocus.com/bid/11775
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18318
Products affected by CVE-2004-1211
-
cpe:2.3:a:david_harris:mercury:4.0.1a