CVE-2003-0391

Magic WinMail Server <2.x - DoS/RCE

Title source: llm

Description

Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ThreaT · cremotewindows

https://www.exploit-db.com/exploits/42

View Code ZIP pw:eip

References (2)

[Mailing List] http://marc.info/?l=bugtraq&m=105370528428222&w=2

[Various Sources] http://www.magicwinmail.net/changelog.asp

Scores

EPSS 0.0555

EPSS Percentile 90.3%

Details

Status published

Products (1)

amax_information_technologies/magic_winmail_server < 2.3

Published Jul 02, 2003

Tracked Since Feb 18, 2026