Eureka Email POP3 Error Stack Buffer Overflow

2010-02-16T00:00:00
ID SAINT:EF6EF4CB3A0AE800DF90937B404C0835
Type saint
Reporter SAINT Corporation
Modified 2010-02-16T00:00:00

Description

Added: 02/16/2010
CVE: CVE-2009-3837
OSVDB: 59262

Background

Eureka Email is an e-mail client with built-in junk e-mail filtering.

Problem

A malicious POP3 mail server can send a long error message to the Eureka Email client, causing a stack buffer overflow.
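The defensive side of this bug class, as an added example (not taken from the advisory and not Eureka Email's code): a POP3 status-line parser that treats the server's response as untrusted, enforces the 512-octet response limit from RFC 1939, and truncates the -ERR text to the destination buffer. The function name, status codes and the 128-byte buffer size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define POP3_MAX_LINE 512  /* RFC 1939: a response, CRLF included, is at most 512 octets */
#define ERR_TEXT_MAX  128  /* assumed size of the client's fixed error-text buffer */

enum pop3_status { POP3_OK, POP3_ERR, POP3_MALFORMED, POP3_TOO_LONG };

/* Parse one server response held in buf[0..len); buf need not be NUL-terminated.
 * On POP3_ERR the message text is copied into err_text, truncated to err_cap-1
 * bytes and always NUL-terminated. Nothing is copied for rejected lines. */
enum pop3_status pop3_parse_status(const char *buf, size_t len,
                                   char *err_text, size_t err_cap)
{
    if (err_cap == 0) return POP3_MALFORMED;
    err_text[0] = '\0';

    /* Look for CRLF only inside the first POP3_MAX_LINE octets. */
    size_t limit = len < POP3_MAX_LINE ? len : POP3_MAX_LINE;
    size_t eol = limit;                       /* sentinel: no CRLF found */
    for (size_t i = 0; i + 1 < limit; i++)
        if (buf[i] == '\r' && buf[i + 1] == '\n') { eol = i; break; }
    if (eol == limit)
        return len >= POP3_MAX_LINE ? POP3_TOO_LONG : POP3_MALFORMED;

    if (eol >= 3 && memcmp(buf, "+OK", 3) == 0 && (eol == 3 || buf[3] == ' '))
        return POP3_OK;
    if (eol >= 4 && memcmp(buf, "-ERR", 4) == 0 && (eol == 4 || buf[4] == ' ')) {
        size_t start = eol > 4 ? 5 : 4;       /* skip "-ERR" and the space */
        size_t n = eol - start;
        if (n > err_cap - 1) n = err_cap - 1; /* bound the copy by the destination */
        memcpy(err_text, buf + start, n);
        err_text[n] = '\0';
        return POP3_ERR;
    }
    return POP3_MALFORMED;
}

int main(void)
{
    /* Constructed sample: an -ERR line far longer than RFC 1939 allows. */
    char line[2100], out[ERR_TEXT_MAX];
    memcpy(line, "-ERR ", 5);
    memset(line + 5, 'A', 2000);
    memcpy(line + 2005, "\r\n", 2);
    enum pop3_status st = pop3_parse_status(line, 2007, out, sizeof out);
    printf("status=%d copied=%zu\n", (int)st, strlen(out));
    return 0;
}
```

A client that rejects or truncates over-long status lines at this point never hands the server-controlled text to a fixed-size stack buffer unchecked.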

Resolution

Upgrade when a fix becomes available or use a different e-mail client.

References

<http://secunia.com/advisories/37132/>

Limitations

The exploit works on Eureka Email 2.2q, and the user must use Eureka Email to contact the exploit server using the POP protocol.

Platforms

Windows