CVE-2002-1075

Pegasus Mail <4.01 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1075. PoCs published by Auriemma Luigi.

AI-analyzed exploit summary The provided text describes a buffer overflow vulnerability in Pegasus Mail 4.01, triggered by long 'To:' or 'From:' message headers exceeding approximately 259 characters. The vulnerability may cause the application to crash when displaying the message.

Description

Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) To or (2) From headers.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Auriemma Luigi · textremotewindows

https://www.exploit-db.com/exploits/21648

View Code ZIP pw:eip

The provided text describes a buffer overflow vulnerability in Pegasus Mail 4.01, triggered by long 'To:' or 'From:' message headers exceeding approximately 259 characters. The vulnerability may cause the application to crash when displaying the message.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Theoretical

Target: Pegasus Mail 4.01

No auth needed

Prerequisites: Ability to send an email with a long 'To:' or 'From:' header to a victim using Pegasus Mail

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9673.php

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-07/0277.html

Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/5302

Scores

EPSS 0.0573

EPSS Percentile 92.1%

Details

Status published

Products (1)

david_harris/pegasus_mail < 4.01

Published Oct 04, 2002

Tracked Since Feb 18, 2026