CVE-2003-1177

MERCUR Mailserver 4.2 - Buffer Overflow via Base64 Decoder in AUTH Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1177. PoCs published by Kostya KORTCHINSKY.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in MERCUR Mailserver's IMAP AUTH command handling. By sending an overly long AUTH PLAIN command, an attacker can potentially execute arbitrary code or crash the service.

Description

Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Kostya KORTCHINSKY · textdoswindows
https://www.exploit-db.com/exploits/23267

This exploit demonstrates a buffer overflow vulnerability in MERCUR Mailserver's IMAP AUTH command handling. By sending an overly long AUTH PLAIN command, an attacker can potentially execute arbitrary code or crash the service.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: MERCUR Mailserver (version not specified)
No auth needed
Prerequisites: Network access to the IMAP port of the vulnerable MERCUR Mailserver
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8861
Patch third-party-advisory x_refsource_secunia
http://secunia.com/advisories/10038
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/8889
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/2688
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13468

Scores

EPSS 0.1293
EPSS Percentile 95.8%

Details

Status published
Products (8)
atrium_software/mercur_mailserver 3.3
atrium_software/mercur_mailserver 3.3_sp1
atrium_software/mercur_mailserver 3.3_sp2
atrium_software/mercur_mailserver 4.1
atrium_software/mercur_mailserver 4.1_sp1
atrium_software/mercur_mailserver 4.2
atrium_software/mercur_mailserver 4.2_sp1
atrium_software/mercur_mailserver 4.2_sp2
Published Dec 31, 2003
Tracked Since Feb 18, 2026