CVE-2005-2665

Elm 2.5 PL5-PL7 - Remote Code Execution via Expires Header Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-2665. PoCs published by c0ntex.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the elm email client (CVE-2005-2665) by crafting a malicious email with an oversized 'Expires' field. It overwrites memory addresses to execute arbitrary shellcode, spawning a reverse shell via netcat.

Description

Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header.

Exploits (1)

exploitdb WORKING POC VERIFIED

by c0ntex · cremotelinux

https://www.exploit-db.com/exploits/1171

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the elm email client (CVE-2005-2665) by crafting a malicious email with an oversized 'Expires' field. It overwrites memory addresses to execute arbitrary shellcode, spawning a reverse shell via netcat.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: elm email client < 2.5.8

No auth needed

Prerequisites: elm email client < 2.5.8 installed · ability to send emails to the target · netcat installed on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Various Sources vendor-advisory x_refsource_slackware

http://www.slackware.org/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.419306

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/16508

Patch vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1014745

Vendor Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2005-755.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=112472951529964&w=2

Patch mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html

Vendor Advisory vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDKSA-2005:186

Third Party Advisory, VDB Entry vendor-advisory x_refsource_sco

http://www.securityfocus.com/advisories/9670

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15117

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17475

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/16554

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/14613

Various Sources vendor-advisory x_refsource_slackware

http://www.slackware.org/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056

Scores

EPSS 0.1526

EPSS Percentile 96.3%

Details

Status published

Products (3)

elm_development_group/elm 2.5_pl5

elm_development_group/elm 2.5_pl6

elm_development_group/elm 2.5_pl7

Published Aug 23, 2005

Tracked Since Feb 18, 2026