This script is Copyright (C) 2007-2011 Tenable Network Security, Inc.
The remote mail server is affected by a buffer overflow vulnerability.
The remote host is running the Mercury Mail Transport System, a free
suite of server products for Windows and NetWare associated with
The version of Mercury Mail installed on the remote host includes an
SMTP server that is affected by a buffer overflow flaw. Using a
specially crafted 'AUTH CRAM-MD5' request, an unauthenticated, remote
attacker can leverage this issue to crash the remote application and
even execute arbitrary code remotely, subject to the privileges under
which the application runs.
See also :
Upgrade to Mercury/32 v4.52 or later or apply the 4.01c / 1.49
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : true