CVE-2004-2727

MailEnable Professional 1.5-1.7 - Denial of Service via Long HTTP GET Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2727. PoCs published by Behrang Fouladi.

AI-analyzed exploit summary This is a technical writeup describing a remote heap buffer overflow in MailEnable Professional and Enterprise editions up to version 1.18. The vulnerability allows arbitrary code execution as SYSTEM by controlling EAX and ECX registers via a crafted HTTP GET request.

Description

Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of service (application crash) via a long HTTP GET request.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Behrang Fouladi · textdoswindows

https://www.exploit-db.com/exploits/24103

View Code ZIP pw:eip

This is a technical writeup describing a remote heap buffer overflow in MailEnable Professional and Enterprise editions up to version 1.18. The vulnerability allows arbitrary code execution as SYSTEM by controlling EAX and ECX registers via a crafted HTTP GET request.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: MailEnable Professional and Enterprise editions up to 1.18

No auth needed

Prerequisites: Network access to the MailEnable server · MailEnable Professional or Enterprise edition up to version 1.18

MITRE ATT&CK