CVE-2003-0264

SLMail 5.1.0.4420 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 12 public exploits for CVE-2003-0264. PoCs published by Metasploit, Ivan Ivanovic, Haroon Rashid Astwat, including Metasploit module exploits/windows/pop3/seattlelab_pass.

AI-analyzed exploit summary This is a Metasploit module exploiting a buffer overflow in Seattle Lab Mail 5.5 POP3 server via an excessively long password. It achieves remote code execution by overwriting the return address with a 'jmp esp' instruction and includes stack adjustment for reliable exploitation.

Description

Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server.

Exploits (12)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16399

This is a Metasploit module exploiting a buffer overflow in Seattle Lab Mail 5.5 POP3 server via an excessively long password. It achieves remote code execution by overwriting the return address with a 'jmp esp' instruction and includes stack adjustment for reliable exploitation.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Seattle Lab Mail 5.5
No auth needed
Prerequisites: Network access to the POP3 service (port 110) · Vulnerable version of Seattle Lab Mail 5.5
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Ivan Ivanovic · cremotewindows
https://www.exploit-db.com/exploits/646

This exploit targets a buffer overflow vulnerability in SLMail's POP3 PASS command. It sends a crafted payload with a NOP sled and shellcode to achieve remote code execution, binding a shell to port 4444.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SLMail Server (version not specified, likely older versions)
No auth needed
Prerequisites: Network access to the target's POP3 service (port 110) · Vulnerable version of SLMail Server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Haroon Rashid Astwat · cremotewindows
https://www.exploit-db.com/exploits/643

This exploit targets a buffer overflow vulnerability in SLMail's POP3 PASS command. It sends a crafted payload with a reverse shell shellcode to achieve remote code execution on the target system.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SLMail (likely version 5.5 or earlier)
No auth needed
Prerequisites: Network access to the target's POP3 service (port 110) · Target system running vulnerable SLMail version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by muts · pythonremotewindows
https://www.exploit-db.com/exploits/638

This exploit targets a buffer overflow in SLmail 5.5 POP3 server via the PASS command. It sends a crafted payload with shellcode to achieve remote code execution, spawning a reverse shell on port 4444.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SLmail 5.5
No auth needed
Prerequisites: Network access to the target POP3 service (port 110) · Unpatched SLmail 5.5 on Windows 2000 SP4
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by TheMalwareGuardian · poc
https://github.com/TheMalwareGuardian/CVE-2003-0264

This repository contains a functional exploit for CVE-2003-0264, a stack-based buffer overflow in SLMail 5.5's POP3 PASS command handler. It includes step-by-step exploitation scripts (fuzzing, EIP control, bad character analysis, JMP ESP gadget location, and shellcode execution) and detailed technical documentation.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SLMail 5.5
No auth needed
Prerequisites: Network access to SLMail POP3 service (port 110) · SLMail 5.5 or earlier installed on target
devstral-2 · analyzed Mar 24, 2026 Full analysis →
nomisec WORKING POC
by nobodyatall648 · poc
https://github.com/nobodyatall648/CVE-2003-0264

This repository contains a functional exploit for CVE-2003-0264, a buffer overflow vulnerability in SLMail 5.5's POP3 service. The PoC sends a crafted PASS command with a payload that includes a bind shell, demonstrating remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SLMail 5.5
No auth needed
Prerequisites: Network access to the target's POP3 service (port 110) · SLMail 5.5 running on the target system
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by vrikodar · poc
https://github.com/vrikodar/CVE-2003-0264_EXPLOIT

This repository contains a functional exploit for CVE-2003-0264, a stack-based buffer overflow in Seattle Lab Mail (SLmail) 5.5 POP3 service. The exploit includes step-by-step PoC scripts for fuzzing, crash replication, offset calculation, EIP control, bad character identification, and shellcode execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Seattle Lab Mail (SLmail) 5.5
No auth needed
Prerequisites: Network access to SLmail POP3 service (port 110) · Immunity Debugger for analysis (optional)
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by pwncone · poc
https://github.com/pwncone/CVE-2003-0264-SLmail-5.5

This repository contains a functional exploit for CVE-2003-0264, targeting a buffer overflow in SLMail 5.5's POP3 service. The exploit sends a malformed PASS command with a crafted payload to achieve remote code execution via a JMP ESP instruction.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Seattle Lab Mail 5.5
No auth needed
Prerequisites: Network access to the target POP3 service (port 110) · Target running SLMail 5.5 on Windows XP Pro SP3 or similar vulnerable OS
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by war4uthor · poc
https://github.com/war4uthor/CVE-2003-0264

This repository contains a functional exploit for CVE-2003-0264, a buffer overflow vulnerability in SLmail POP3 server. The exploit includes a fuzzer and a full exploit with shellcode to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SLmail POP3 Server
No auth needed
Prerequisites: Network access to the target SLmail POP3 server · SLmail POP3 server running on port 110
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by fyoderxx · poc
https://github.com/fyoderxx/slmail-exploit

This repository contains a functional exploit for CVE-2003-0264, targeting a buffer overflow vulnerability in SLmail 5.5. The exploit sends a crafted PASS command with a malicious payload to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SLmail 5.5
No auth needed
Prerequisites: Network access to the target SLmail server on port 110 · A listener set up to receive the reverse shell connection
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by adenkiewicz · poc
https://github.com/adenkiewicz/CVE-2003-0264

This repository contains a functional exploit for CVE-2003-0264, a buffer overflow vulnerability in SLmail 5.5. The exploit uses a reverse TCP shell payload to achieve remote code execution on the target system.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SLmail 5.5
No auth needed
Prerequisites: Network access to the target SLmail server · SLmail 5.5 running on the target system
devstral-2 · analyzed Feb 18, 2026 Full analysis →
metasploit WORKING POC GREAT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/pop3/seattlelab_pass.rb

This Metasploit module exploits an unauthenticated buffer overflow in Seattle Lab Mail 5.5 POP3 server via an excessively long password. It uses a 'jmp esp' return address from SLMFC.DLL to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Seattle Lab Mail 5.5
No auth needed
Prerequisites: Network access to the POP3 service (port 110) · Vulnerable version of Seattle Lab Mail 5.5
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=105232506011335&w=2
Mailing List mailing-list x_refsource_ntbugtraq
http://marc.info/?l=ntbugtraq&m=105233360321895&w=2
Patch, Vendor Advisory x_refsource_misc
http://www.nextgenss.com/advisories/slmail-vulns.txt

Scores

EPSS 0.7148
EPSS Percentile 99.3%

Details

Status published
Products (1)
seattle_lab_software/slmail 5.1.0.4420
Published May 27, 2003
Tracked Since Feb 18, 2026