CVE-2005-4411

Mercury Mail Transport System <4.01b - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-4411. PoCs published by Metasploit, kingcope, including Metasploit module exploits/windows/misc/mercury_phonebook.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack-based buffer overflow in Mercury/32's PH Server Module (CVE-2005-4411). It sends a crafted payload to trigger the vulnerability, leading to remote code execution on vulnerable Windows systems.

Description

Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16419

This is a Metasploit module exploiting a stack-based buffer overflow in Mercury/32's PH Server Module (CVE-2005-4411). It sends a crafted payload to trigger the vulnerability, leading to remote code execution on vulnerable Windows systems.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mercury/32 <= v4.01b PH Server Module
No auth needed
Prerequisites: Network access to the target's PH Server Module (port 105) · Vulnerable version of Mercury/32 installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by kingcope · perlremotewindows
https://www.exploit-db.com/exploits/1375

This exploit targets a buffer overflow vulnerability in Mercury Mail Transport System 4.01b, allowing remote code execution via a crafted payload sent to port 105. The shellcode is encoded and includes a reverse shell mechanism.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mercury Mail Transport System 4.01b
No auth needed
Prerequisites: Network access to target port 105 · Target running vulnerable Mercury Mail Transport System 4.01b
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/mercury_phonebook.rb

This Metasploit module exploits a stack-based buffer overflow in Mercury/32 PH Server Module (CVE-2005-4411) by sending a crafted payload to TCP port 105. The exploit leverages a fixed return address to achieve remote code execution on vulnerable Windows systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mercury/32 PH Server Module <= v4.01b
No auth needed
Prerequisites: Network access to TCP port 105 · Vulnerable version of Mercury/32 PH Server Module
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/1375
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16396
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015374
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/22103
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18611
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23669

Scores

EPSS 0.6466
EPSS Percentile 99.1%

Details

Status published
Products (1)
david_harris/mercury_mail_transport_system 4.01b
Published Dec 20, 2005
Tracked Since Feb 18, 2026