Lucene search

SAINT CorporationSAINT:F49DDAE19205A28BF46B98B66F243CDE

HistoryFeb 16, 2010 - 12:00 a.m.

Eureka Email POP3 Error Stack Buffer Overflow

2010-02-1600:00:00

SAINT Corporation

my.saintcorporation.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.685 Medium

EPSS

Percentile

98.0%

JSON

Added: 02/16/2010
CVE: CVE-2009-3837
OSVDB: 59262

Background

Eureka Email is an e-mail client with built-in junk e-mail filtering.

Problem

A malicious POP3 mail server can send a long error message to the Eureka Email client, causing a stack buffer overflow.

Resolution

Upgrade when a fix becomes available or use a different e-mail client.

References

<http://secunia.com/advisories/37132/>

Limitations

Exploit works on Eureka Email 2.2q and the user must use Eureka Email to contact the exploit server using the POP protocol.

Platforms

Windows

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.685 Medium

EPSS

Percentile

98.0%

JSON

Related for SAINT:F49DDAE19205A28BF46B98B66F243CDE