CVE-2004-1211

high

Description

Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/18318

http://www.osvdb.org/12508

http://secunia.com/advisories/13348

http://marc.info/?l=bugtraq&m=110193702909991&w=2

http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/029701.html

http://home.kabelfoon.nl/~jaabogae/han/m_401b.html

Details

Source: Mitre, NVD

Published: 2005-01-10

Updated: 2017-07-11

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High