CVE-2003-0143
qpopper 4.0.x < 4.0.5fc2 - Authenticated Buffer Overflow via Long Macro Name in mdef Command
Exploitation Summary
EIP tracks 1 public exploit for CVE-2003-0143. PoCs published by Florian Heinz.
AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in Qpopper 4.0.4 and earlier via the 'mdef' command, allowing remote code execution. It uses a brute-force approach to determine the correct buffer size and return address for successful exploitation.
Description
The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.
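The bug class in the description, as an added example that is not qpopper source: a caller that trusts a bounded formatter to terminate its buffer, beside the hardened form. `fmt_noterm`, `msg_unsafe`, `msg_fixed`, the message text and the 32-byte size are hypothetical, and the formatter's no-terminator-on-truncation behaviour is an assumption modelled on the description.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define MSG_LEN 32   /* constructed size, not qpopper's */

/* Hypothetical vsnprintf-style helper: copies at most `size` bytes and
 * writes NO terminator when the output is truncated (assumed behaviour). */
static int fmt_noterm(char *dst, size_t size, const char *fmt, ...)
{
    char tmp[512];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(tmp, sizeof tmp, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    if ((size_t)n >= sizeof tmp) n = (int)sizeof tmp - 1;
    if ((size_t)n < size) {              /* fits: copy including the NUL */
        memcpy(dst, tmp, (size_t)n + 1);
        return n;
    }
    memcpy(dst, tmp, size);              /* truncated: no NUL written */
    return -1;
}

/* 'Before': assumes the helper terminated the buffer.
 * Returns 1 if a NUL exists inside buf afterwards, 0 if not. */
int msg_unsafe(char buf[MSG_LEN], const char *macro)
{
    memset(buf, 'X', MSG_LEN);           /* stale non-zero contents */
    fmt_noterm(buf, MSG_LEN, "-ERR bad macro %s", macro);
    return memchr(buf, '\0', MSG_LEN) != NULL;
}

/* 'After': reserve the last byte and terminate unconditionally. */
int msg_fixed(char buf[MSG_LEN], const char *macro)
{
    memset(buf, 'X', MSG_LEN);
    fmt_noterm(buf, MSG_LEN - 1, "-ERR bad macro %s", macro);
    buf[MSG_LEN - 1] = '\0';
    return memchr(buf, '\0', MSG_LEN) != NULL;
}

int main(void)
{
    char buf[MSG_LEN], name[64];
    memset(name, 'A', 63); name[63] = '\0';  /* constructed long macro name */
    printf("unsafe=%d fixed=%d\n", msg_unsafe(buf, name), msg_fixed(buf, name));
    return 0;
}
```

With the unterminated buffer, any later `strlen` or `strcpy` on it runs past the end of the array; the fix costs one reserved byte and one store.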