CVE-2005-2287

SoftiaCom wMailServer 1.0 and 2.0 - Denial of Service via Large TCP Packet with Leading Space

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2005-2287. PoCs published by Metasploit, y0, Kozan, including Metasploit module exploits/windows/smtp/wmailserver.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack buffer overflow in SoftiaCom WMailserver 1.0 via SEH overwrite. It sends a crafted payload to the SMTP service on port 25 to achieve remote code execution.

Description

SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a denial of service (application crash) via a large TCP packet with a leading space, possibly triggering a buffer overflow.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16819

This is a Metasploit module exploiting a stack buffer overflow in SoftiaCom WMailserver 1.0 via SEH overwrite. It sends a crafted payload to the SMTP service on port 25 to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SoftiaCom WMailserver 1.0
No auth needed
Prerequisites: Network access to the target's SMTP service (port 25) · Target running SoftiaCom WMailserver 1.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by y0 · remotewindows
https://www.exploit-db.com/exploits/1463

This exploit targets a stack-based buffer overflow in SoftiaCom WMailserver 1.0 SMTP service via a SEH frame overwrite. It sends a maliciously crafted payload to trigger remote code execution on vulnerable Windows systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SoftiaCom WMailserver 1.0
No auth needed
Prerequisites: Network access to the SMTP service (port 25) · Vulnerable version of SoftiaCom WMailserver
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Kozan · cdoswindows
https://www.exploit-db.com/exploits/1101

This exploit sends a large buffer of 'A' characters to wMailServer on port 25, triggering a remote denial-of-service (DoS) condition. The code is a straightforward network-based DoS PoC without obfuscation or malicious payloads.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: wMailServer (version not specified)
No auth needed
Prerequisites: Network access to target's SMTP port (25)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smtp/wmailserver.rb

This Metasploit module exploits a stack buffer overflow in SoftiaCom WMailserver 1.0 via a SEH frame overwrite. It sends a crafted payload to the SMTP service on port 25 to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SoftiaCom WMailserver 1.0
No auth needed
Prerequisites: Network access to the target SMTP service (port 25) · Target running SoftiaCom WMailserver 1.0
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112122500308722&w=2

Scores

EPSS 0.5683
EPSS Percentile 98.9%

Details

Status published
Products (2)
softiacom/wmailserver 1.0
softiacom/wmailserver 2.0
Published Jul 18, 2005
Tracked Since Feb 18, 2026