CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1211

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1680%
EPSS Percentile35.47th
PublishedJan 10, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands.

Affected Platforms (CPE)

πŸ“¦
David Harris

Mercury

= 4.0.1a

References & Advisories

πŸ”— http://home.kabelfoon.nl/~jaabogae/han/m_401b.html
πŸ”— http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/029701.html
πŸ”— http://marc.info/?l=bugtraq&m=110193702909991&w=2
πŸ”— http://secunia.com/advisories/13348
πŸ”— http://www.osvdb.org/12508
πŸ”— http://www.securityfocus.com/bid/11775
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18318
πŸ”— http://home.kabelfoon.nl/~jaabogae/han/m_401b.html

Related Vulnerabilities

CVE-2007-137310.0

Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute...

CVE-2004-251310.0

Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SE...

CVE-2007-044610.0

Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8...

CVE-2020-109909.8

An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java compon...