CVE-2006-3277

MailEnable Standard <1.92-Enterprise <2.0 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3277. PoCs published by db0.

AI-analyzed exploit summary This Perl script exploits a denial-of-service vulnerability in MailEnable SMTP by sending a malformed HELO command with a null byte and extended character. The exploit repeatedly connects to the target SMTP service on port 25 and sends the crafted payload to crash the application.

Description

The SMTP service of MailEnable Standard 1.92 and earlier, Professional 2.0 and earlier, and Enterprise 2.0 and earlier before the MESMTPC hotfix, allows remote attackers to cause a denial of service (application crash) via a HELO command with a null byte in the argument, possibly triggering a length inconsistency or a missing argument.

Exploits (1)

exploitdb WORKING POC VERIFIED

by db0 · perldoswindows

https://www.exploit-db.com/exploits/28103

View Code ZIP pw:eip

This Perl script exploits a denial-of-service vulnerability in MailEnable SMTP by sending a malformed HELO command with a null byte and extended character. The exploit repeatedly connects to the target SMTP service on port 25 and sends the crafted payload to crash the application.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: MailEnable SMTP (versions affected by CVE-2006-3277)

No auth needed

Prerequisites: Network access to the target SMTP service (port 25)

MITRE ATT&CK