CVE-2002-1073

MERCUR Mailserver 4.2 - Remote Code Execution via Long Password Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1073. PoCs published by anonymous.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the MERCUR Mailserver Control-Service component (CVE-2002-1073). It sends a maliciously crafted username and password to overwrite EIP and execute arbitrary shellcode, resulting in remote code execution.

Description

Buffer overflow in the control service for MERCUR Mailserver 4.2 allows remote attackers to execute arbitrary code via a long password.

Exploits (1)

exploitdb WORKING POC VERIFIED
by anonymous · cremotewindows
https://www.exploit-db.com/exploits/21626

This exploit targets a buffer overflow vulnerability in the MERCUR Mailserver Control-Service component (CVE-2002-1073). It sends a maliciously crafted username and password to overwrite EIP and execute arbitrary shellcode, resulting in remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: MERCUR Mailserver (version not specified)
No auth needed
Prerequisites: Network access to TCP port 32000 · Vulnerable MERCUR Mailserver instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5261
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0195.html
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9618.php

Scores

EPSS 0.0573
EPSS Percentile 92.1%

Details

Status published
Products (6)
atrium_software/mercur_mailserver 3.3
atrium_software/mercur_mailserver 3.3_sp1
atrium_software/mercur_mailserver 3.3_sp2
atrium_software/mercur_mailserver 4.1
atrium_software/mercur_mailserver 4.1_sp1
atrium_software/mercur_mailserver 4.2
Published Oct 04, 2002
Tracked Since Feb 18, 2026