Mercury Mail Remote IMAP Stack Buffer Overflow (deprecated)

High Nessus Network Monitor Plugin ID 2438


The remote host is vulnerable to a buffer overflow.


The remote host is running Mercury Mail server, an IMAP server for Windows operating systems. It is reported that versions up to and including 4.01 are prone to stack buffer overflow vulnerabilities. An authenticated attacker may execute arbitrary code on the remote server. The attacker needs to authenticate in order to exploit these vulnerabilities against the IMAP server.


No solution is known at this time.

Plugin Details

Severity: High

ID: 2438

File Name: 2438.prm

Family: IMAP Servers

Published: 2004/11/30

Modified: 2015/06/01

Dependencies: 1086

Risk Information

Risk Factor: High


Vector: CVSS2#AV:A/AC:L/Au:S/C:N/I:N/A:N

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Exploitable With

Metasploit (Mercury/32 v4.01a IMAP RENAME Buffer Overflow)

Reference Information

CVE: CVE-2004-1211

BID: 11775, 11788