返回 CVE 瀏覽器

CVE-2004-1211

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.1680%

EPSS Percentile35.47th

Published2005年1月10日

Last Modified2026年4月16日

Vulnerability Description

Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands.

Affected Platforms (CPE)

📦

David Harris

Mercury

= 4.0.1a

References & Advisories

🔗 http://home.kabelfoon.nl/~jaabogae/han/m_401b.html

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/029701.html

🔗 http://marc.info/?l=bugtraq&m=110193702909991&w=2

🔗 http://secunia.com/advisories/13348

🔗 http://www.osvdb.org/12508

🔗 http://www.securityfocus.com/bid/11775

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/18318

🔗 http://home.kabelfoon.nl/~jaabogae/han/m_401b.html

相關漏洞威脅

CVE-2007-137310.0

Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute...

CVE-2004-251310.0

Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SE...

CVE-2007-044610.0

Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8...

CVE-2020-109909.8

An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java compon...