CVE-2003-0391

Magic WinMail Server <2.x - DoS/RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0391. PoCs published by ThreaT.

AI-analyzed exploit summary This exploit leverages a format string vulnerability in Magic Winmail Server 2.3 (Build 0402) via the SMTP protocol to achieve remote code execution. It uses a crafted payload with format specifiers to overwrite memory addresses and execute arbitrary commands.

Description

Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the PASS command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ThreaT · cremotewindows

https://www.exploit-db.com/exploits/42

View Code ZIP pw:eip

This exploit leverages a format string vulnerability in Magic Winmail Server 2.3 (Build 0402) via the SMTP protocol to achieve remote code execution. It uses a crafted payload with format specifiers to overwrite memory addresses and execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Magic Winmail Server 2.3 (Build 0402)

No auth needed

Prerequisites: Network access to the SMTP port (default 25) · Vulnerable version of Magic Winmail Server

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=105370528428222&w=2

Various Sources x_refsource_misc

http://www.magicwinmail.net/changelog.asp

Scores

EPSS 0.0352

EPSS Percentile 87.7%

Details

Status published

Products (1)

amax_information_technologies/magic_winmail_server < 2.3

Published Jul 02, 2003

Tracked Since Feb 18, 2026