Atrium Software Mercur WebView WebMail-Client 1.0 - Buffer Overflow

2000-03-16T00:00:00
ID EDB-ID:19810
Type exploitdb
Reporter Ussr Labs
Modified 2000-03-16T00:00:00

Description

Atrium Software Mercur WebView WebMail-Client 1.0 Buffer Overflow. CVE-2000-0239. Dos exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/1056/info

WebView WebMail-Client is an add-on for the Mercur SMTP/POP3/IMAP4 Mail Server which allows a user to access email through a web browser.

Insufficient boundary checking exists in the code which handles GET requests, specifically on port 1080. Issuing a GET request containing a string of over 1000 characters on port 1080 will cause the WebView WebMail-Client application to crash.

eg.
http: //target/&mail_user=<string containing over 1000 characters>

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19810-1.exe

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/19810-2.zip