Vendor: The Bat!
By: SecurityFocus
CVSS: 3.3 (MEDIUM)
Denial of Service
CWE: 400
Product Name: The Bat!
Affected Version From: The Bat! 1.53
Affected Version To: The Bat! 1.53
Patch Exists: NO
Related CWE: N/A
CPE: a:ritlabs:the_bat
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

The Bat! Remote Denial of Service Vulnerability

The Bat! is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause The Bat! to incorrectly interpret the message's structure. This can lead The Bat! to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account.

Mitigation:

Ensure that all email messages sent to the affected POP3 account are properly formatted with CR and LF characters.
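
One way to enforce this before a message reaches the mailbox, as an added example that is not part of the original advisory: a check that reports every CR not followed by LF in a raw message and rewrites line endings to CRLF. The function names and the two sample messages are constructed for illustration, and running this in a delivery-time filter is an assumption; the advisory names no tool.

```python
import re

# A CR that is not immediately followed by LF (the malformed case in the advisory).
BARE_CR = re.compile(rb"\r(?!\n)")
# Any line terminator: CRLF is tried first so valid pairs are left untouched.
ANY_EOL = re.compile(rb"\r\n|\r|\n")


def find_bare_cr(raw: bytes) -> list:
    """Return the byte offset of every CR that is not followed by LF."""
    return [m.start() for m in BARE_CR.finditer(raw)]


def normalize_line_endings(raw: bytes) -> bytes:
    """Rewrite bare CR and bare LF as CRLF; existing CRLF pairs are kept."""
    return ANY_EOL.sub(b"\r\n", raw)


def inspect_message(raw: bytes) -> dict:
    """Summarize a raw message: bare-CR count, first offset, repaired copy."""
    offsets = find_bare_cr(raw)
    return {
        "bare_cr_count": len(offsets),
        "first_offset": offsets[0] if offsets else None,
        "normalized": normalize_line_endings(raw),
    }


# Constructed sample messages (not taken from the advisory or its archive).
CLEAN = b"From: a@example.com\r\nSubject: ok\r\n\r\nline one\r\nline two\r\n"
MALFORMED = b"From: a@example.com\r\nSubject: bad\r\n\r\nline one\rline two\r\n"

if __name__ == "__main__":
    for name, msg in (("clean", CLEAN), ("malformed", MALFORMED)):
        report = inspect_message(msg)
        action = "repair or quarantine" if report["bare_cr_count"] else "deliver"
        print(f"{name}: bare CR count={report['bare_cr_count']} "
              f"first offset={report['first_offset']} -> {action}")
```

Whether to repair or quarantine a flagged message is a policy choice; rewriting the body changes the bytes, so any signature computed over the original body may no longer verify.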
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/2636/info

"The Bat!" is an MUA for Windows by Rit Research Labs.

"The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop.

As a result, the user will remain unable to receive new email messages from the affected POP3 account. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/20783.zip