Vendor: MailCarrier
By: Dino Covotsos - Telspace Systems
CVSS: 7.5 (HIGH)
SEH Remote Buffer Overflow
CWE: 119
Product Name: MailCarrier
Affected Version From: 2.51
Affected Version To: 2.51
Patch Exists: NO
Related CWE: TBC
CPE:
Platforms Tested: Windows XP Prof SP3 ENG x86
2019
MailCarrier 2.51 – SEH Remote Buffer Overflow in “RETR” command (POP3)
This exploit takes advantage of a remote buffer overflow vulnerability in the "RETR" command of the MailCarrier 2.51 POP3 server. By sending a specially crafted request, an attacker can overwrite the Structured Exception Handler (SEH) and gain control of the program flow. This exploit creates a bind shell on port 443 and waits for a connection from the attacker.
Mitigation:
The vendor has not provided a patch for this vulnerability. It is recommended to disable or restrict access to the affected software.