CVE-2004-1558

Ypops - Buffer Overflow

Title source: rule

Description

Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16818

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Diabolic Crab · cremotewindows

https://www.exploit-db.com/exploits/582

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by class101 · cremotewindows

https://www.exploit-db.com/exploits/577

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smtp/ypops_overflow1.rb

View Code ZIP pw:eip

References (11)

[Various Sources] http://dbeusee.home.comcast.net/history.html

[Mailing List] http://marc.info/?l=bugtraq&m=109630699829536&w=2

[Third Party Advisory] http://www.attrition.org/pipermail/vim/2006-October/001089.html

[Exploit, Vendor Advisory] http://www.hat-squad.com/en/000075.html

[Exploit, Patch] http://www.securityfocus.com/bid/11256

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17515

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/17518

[Third Party Advisory, VDB Entry] http://www.osvdb.org/10366

[Third Party Advisory, VDB Entry] http://www.osvdb.org/10367

[Third Party Advisory, VDB Entry] http://securitytracker.com/alerts/2004/Sep/1011426.html

[Third Party Advisory] http://secunia.com/advisories/12660

Scores

EPSS 0.8629

EPSS Percentile 99.4%

Details

Status published

Products (9)

ypops/ypops 0.4

ypops/ypops 0.4.1

ypops/ypops 0.4.2

ypops/ypops 0.4.3

ypops/ypops 0.4.4

ypops/ypops 0.4.5

ypops/ypops 0.4.6

ypops/ypops 0.5

ypops/ypops 0.6

Published Dec 31, 2004

Tracked Since Feb 18, 2026