CVE-1999-1529

Trend Micro Interscan VirusWall 3.23/3.3 for NT - Buffer Overflow via HELO Command

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-1999-1529.

AI-analyzed exploit summary This is a functional exploit for CVE-1999-1529, targeting a buffer overflow in the HELO command of the InterScan VirusWall SMTP gateway. The assembly code constructs a malicious payload to achieve remote code execution (RCE) by overflowing the buffer with NOP sleds and shellcode.

Description

A buffer overflow exists in the HELO command in Trend Micro Interscan VirusWall SMTP gateway 3.23/3.3 for NT, which may allow an attacker to execute arbitrary code.

Exploits (2)

exploitdb WORKING POC

remotewindows

https://www.exploit-db.com/exploits/19614

View Code ZIP pw:eip

This is a functional exploit for CVE-1999-1529, targeting a buffer overflow in the HELO command of the InterScan VirusWall SMTP gateway. The assembly code constructs a malicious payload to achieve remote code execution (RCE) by overflowing the buffer with NOP sleds and shellcode.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: InterScan VirusWall 3.23/3.3

No auth needed

Prerequisites: Network access to the vulnerable SMTP gateway · Target system running InterScan VirusWall 3.23/3.3

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

exploitdb WORKING POC

perlremotewindows

https://www.exploit-db.com/exploits/19612

View Code ZIP pw:eip

This Perl script exploits a buffer overflow in the HELO command of the InterScan VirusWall SMTP gateway (versions 3.32 builds 1011 and 1022). It sends a crafted HELO command with 4075 'a' characters to trigger a DoS or potential RCE, depending on the system configuration.