CyberSec.Space Logo
Back to CVE Browser

CVE-2003-1177

HIGH
7.5
CVSS Severity Score
EPSS Score0.1350%
EPSS Percentile36.64th
PublishedDec 31, 2003
Last ModifiedApr 16, 2026

Vulnerability Description

Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server.

Affected Platforms (CPE)

πŸ“¦
Atrium Software

Mercur Mailserver

= 3.3
πŸ“¦
Atrium Software

Mercur Mailserver

= 3.3_sp1
πŸ“¦
Atrium Software

Mercur Mailserver

= 3.3_sp2
πŸ“¦
Atrium Software

Mercur Mailserver

= 4.1
πŸ“¦
Atrium Software

Mercur Mailserver

= 4.1_sp1
πŸ“¦
Atrium Software

Mercur Mailserver

= 4.2
πŸ“¦
Atrium Software

Mercur Mailserver

= 4.2_sp1
πŸ“¦
Atrium Software

Mercur Mailserver

= 4.2_sp2

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/1459.html
πŸ”— http://secunia.com/advisories/10038
πŸ”— http://www.atrium-software.com/mail%20server/pub/mcr42sp3a.html
πŸ”— http://www.osvdb.org/2688
πŸ”— http://www.securiteam.com/windowsntfocus/6U00N1P8KC.html
πŸ”— http://www.securityfocus.com/bid/8861
πŸ”— http://www.securityfocus.com/bid/8889
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/13468

Related Vulnerabilities

CVE-2003-132210.0

Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execut...

CVE-2002-10737.5

Buffer overflow in the control service for MERCUR Mailserver 4.2 allows remote attackers to execute arbitrary code via a long pass...

CVE-2003-030410.0

one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to create administrator accounts by directly calling the inst...

CVE-2003-009510.0

Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary cod...