CVE-2004-1558

YPOPs! 0.4-0.6 - Stack-Based Buffer Overflow via Long POP3 USER Command or SMTP Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2004-1558. PoCs published by Metasploit, Diabolic Crab, class101, including Metasploit module exploits/windows/smtp/ypops_overflow1.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack buffer overflow in YPOPS 0.6 POP3 service. It targets multiple Windows versions by overwriting EIP with a 'jmp ebx' instruction in ws_32.dll.

Description

Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16818

This is a Metasploit module exploiting a stack buffer overflow in YPOPS 0.6 POP3 service. It targets multiple Windows versions by overwriting EIP with a 'jmp ebx' instruction in ws_32.dll.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: YPOPS 0.6
No auth needed
Prerequisites: Network access to vulnerable YPOPS service · Target system running an affected Windows version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Diabolic Crab · cremotewindows
https://www.exploit-db.com/exploits/582

This exploit targets a buffer overflow vulnerability in YahooPOPs <= 1.6 SMTP server. It sends a crafted payload containing shellcode to bind a shell on port 101, followed by a JMP ESP instruction and a JMP EBX instruction to redirect execution flow.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: YahooPOPs <= 1.6
No auth needed
Prerequisites: Network access to the target SMTP server · YahooPOPs <= 1.6 running on the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by class101 · cremotewindows
https://www.exploit-db.com/exploits/577

This exploit targets a buffer overflow vulnerability in YahooPOPS v1.6 and prior via the SMTP port. It constructs a payload with NOP sleds, shellcode, and a JMP ESP instruction to execute a bind shell on port 101.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: YahooPOPS <= v1.6
No auth needed
Prerequisites: Network access to the SMTP port (default 25) · Vulnerable YahooPOPS version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smtp/ypops_overflow1.rb

This Metasploit module exploits a stack buffer overflow in YPOPS 0.6 by sending a crafted payload to the POP3 service, targeting multiple Windows versions. It leverages a 'jmp ebx' instruction in ws_32.dll to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: YPOPS 0.6
No auth needed
Prerequisites: Network access to the YPOPS service · Target system running a vulnerable version of YPOPS
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Various Sources x_refsource_confirm
http://dbeusee.home.comcast.net/history.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/10366
Exploit, Vendor Advisory x_refsource_misc
http://www.hat-squad.com/en/000075.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=109630699829536&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/10367
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17518
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/alerts/2004/Sep/1011426.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/12660
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17515
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2006-October/001089.html
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/11256

Scores

EPSS 0.7111
EPSS Percentile 99.3%

Details

Status published
Products (9)
ypops/ypops 0.4
ypops/ypops 0.4.1
ypops/ypops 0.4.2
ypops/ypops 0.4.3
ypops/ypops 0.4.4
ypops/ypops 0.4.5
ypops/ypops 0.4.6
ypops/ypops 0.5
ypops/ypops 0.6
Published Dec 31, 2004
Tracked Since Feb 18, 2026