CVE-2005-2472

BusinessMail 4.60.00 - Denial of Service via Long SMTP HELO or MAIL FROM Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-2472. PoCs published by Kozan, Reed Arvin.

AI-analyzed exploit summary This exploit targets a denial-of-service vulnerability in BusinessMail Server 4.60.00 by sending malformed HELO and MAIL FROM commands with an excessively long buffer of 'A' characters. The exploit establishes a TCP connection to port 25 and triggers the crash by overflowing the buffer.

Description

Multiple buffer overflows in BusinessMail 4.60.00 allow remote attackers to cause a denial of service (application crash) via a long string to SMTP (1) HELO or (2) MAIL FROM commands.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Kozan · cdoswindows
https://www.exploit-db.com/exploits/1126

This exploit targets a denial-of-service vulnerability in BusinessMail Server 4.60.00 by sending malformed HELO and MAIL FROM commands with an excessively long buffer of 'A' characters. The exploit establishes a TCP connection to port 25 and triggers the crash by overflowing the buffer.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: BusinessMail Server 4.60.00
No auth needed
Prerequisites: Network access to the target's SMTP port (25)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Reed Arvin · perldoswindows
https://www.exploit-db.com/exploits/1164

This exploit targets a denial-of-service (DoS) vulnerability in BusinessMail email server system 4.60.00 by sending oversized HELO and MAIL FROM commands to the SMTP service on port 25. The excessive input length (512 'A' characters) triggers a crash or instability in the server.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: BusinessMail email server system 4.60.00
No auth needed
Prerequisites: Network access to the target SMTP server (port 25)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1014602
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/18407
Exploit, Patch mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/035647.html
Exploit, Patch x_refsource_misc
http://reedarvin.thearvins.com/20050730-01.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16306
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112291456305261&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/21636
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14434

Scores

EPSS 0.0458
EPSS Percentile 90.4%

Details

Status published
Products (1)
netcplus/businessmail 4.60.00
Published Aug 05, 2005
Tracked Since Feb 18, 2026