Lucene search

SAINT CorporationSAINT:06CEB94C0B661EC8B5465180FC5F287A

HistoryFeb 16, 2010 - 12:00 a.m.

Eureka Email POP3 Error Stack Buffer Overflow

2010-02-1600:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.685 Medium

EPSS

Percentile

98.0%

JSON

Added: 02/16/2010
CVE: CVE-2009-3837
OSVDB: 59262

Background

Eureka Email is an e-mail client with built-in junk e-mail filtering.

Problem

A malicious POP3 mail server can send a long error message to the Eureka Email client, causing a stack buffer overflow.

Resolution

Upgrade when a fix becomes available or use a different e-mail client.

References

<http://secunia.com/advisories/37132/>

Limitations

Exploit works on Eureka Email 2.2q and the user must use Eureka Email to contact the exploit server using the POP protocol.

Platforms

Windows

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.685 Medium

EPSS

Percentile

98.0%

JSON

Related for SAINT:06CEB94C0B661EC8B5465180FC5F287A