CVE-2000-0242

WindMail - Remote Command Execution and Arbitrary File Read via Shell Metacharacters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0242. PoCs published by Quan Peng.

AI-analyzed exploit summary The exploit describes a vulnerability in WindMail 3.0 where an attacker can retrieve arbitrary files from the webserver by manipulating the -n switch in command line mode or using an 'Attach:' header in header parsing mode. This is achieved through URL manipulation to send files via email.

Description

WindMail allows remote attackers to read arbitrary files or execute commands via shell metacharacters.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Quan Peng · textremotewindows
https://www.exploit-db.com/exploits/19819

The exploit describes a vulnerability in WindMail 3.0 where an attacker can retrieve arbitrary files from the webserver by manipulating the -n switch in command line mode or using an 'Attach:' header in header parsing mode. This is achieved through URL manipulation to send files via email.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: WindMail 3.0
No auth needed
Prerequisites: knowledge of file paths on the target system · webserver with read access to desired files
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1073

Scores

EPSS 0.0809
EPSS Percentile 94.1%

Details

Status published
Products (1)
geocel/windmail 3.0
Published Mar 25, 2000
Tracked Since Feb 18, 2026