CVE-2006-5551

qk_smtp < 3.0.1 - Remote Code Execution via RCPT TO Command

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2006-5551. PoCs published by Jacopo Cervini, Expanders, Greg Linares.

AI-analyzed exploit summary: This exploit targets a buffer overflow vulnerability in QKSmtpServer3.exe via the RCPT TO command. It uses a crafted payload to execute a bind shell on port 4444, leveraging a hardcoded return address and encoded shellcode.

Description

Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow remote attackers to execute arbitrary code via a long argument to the RCPT TO command.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Jacopo Cervini · python · remote · windows
https://www.exploit-db.com/exploits/3067

This exploit targets a buffer overflow vulnerability in QKSmtpServer3.exe via the RCPT TO command. It uses a crafted payload to execute a bind shell on port 4444, leveraging a hardcoded return address and encoded shellcode.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: QKSmtpServer3.exe (version not specified)
No auth needed
Prerequisites: Network access to the SMTP service (port 25) · Vulnerable version of QKSmtpServer3.exe
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Expanders · c · remote · windows
https://www.exploit-db.com/exploits/2649

This exploit targets a buffer overflow vulnerability in QK SMTP <= 3.01 via the RCPT-TO command. It uses a combination of Unicode-aware shellcode and a custom jmpback payload to achieve remote code execution, adding a user to the system.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: QK SMTP <= 3.01
No auth needed
Prerequisites: Network access to the SMTP service · Target running vulnerable QK SMTP version
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Greg Linares · c · dos · windows
https://www.exploit-db.com/exploits/2625

This exploit targets a format string vulnerability in QK SMTP Server 3.01 and lower via the RCPT TO command, causing a denial-of-service (DoS) by overwriting registers like EIP, EBP, ESI, and EAX. The PoC sends a large buffer to trigger the overflow, demonstrating the vulnerability's potential for further exploitation.

Classification: Working PoC 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: QK SMTP Server <= 3.01
No auth needed
Prerequisites: Network access to the SMTP server · SMTP server running QK SMTP Server <= 3.01
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References (5)

Exploit · vdb-entry · x_refsource_sectrack
http://securitytracker.com/id?1017114

Exploit · vdb-entry · x_refsource_bid
http://www.securityfocus.com/bid/20681

Exploit, Third Party Advisory · exploit · x_refsource_exploit-db
https://www.exploit-db.com/exploits/2625

Vendor Advisory · third-party-advisory · x_refsource_secunia
http://secunia.com/advisories/22563

Third Party Advisory · vdb-entry · x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4169

Scores

EPSS: 0.0502
EPSS Percentile: 91.1%

Details

Status: published
Products (1): qksoft/qk_smtp < 3.0.1
Published: Oct 26, 2006
Tracked Since: Feb 18, 2026