10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.895 High
EPSS
Percentile
98.8%
Added: 07/10/2006
CVE: CVE-2006-1255
BID: 17138
OSVDB: 23950
MERCUR Messaging 2005 is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms.
A buffer overflow vulnerability in the IMAP service when processing the LOGIN command allows remote attackers to execute arbitrary commands.
Apply MERCUR Messaging 2005 Service Pack 4 or higher.
<http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1104.html>
Exploit works on MERCUR Messaging 2005 Service Pack 3.
Windows 2000 SP0
Windows 2000 SP1
Windows 2000 SP2
Windows 2000 SP3
Windows 2000 / Windows 2000 SP4
Windows XP SP0 / Windows XP SP1
Windows XP / Windows XP SP2
Windows Server 2003
Windows Server 2003 SP1