CVE-2006-5552

RevilloC MailServer <= 1.21 - Remote Code Execution via Long MAIL FROM or RCPT TO Argument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5552. PoCs published by Greg Linares.

AI-analyzed exploit summary This exploit demonstrates a heap-based buffer overflow in RevilloC SMTP Mail Server Suite <= 1.21 via the RCPT TO or MAIL FROM commands. Sending a buffer larger than 4080 bytes causes a denial of service (DoS) or potential arbitrary code execution due to register overwrites.

Description

Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and earlier allow remote attackers to cause a denial of service (CPU consumption or application crash) or execute arbitrary code via a long argument to the (1) MAIL FROM or (2) RCPT TO command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Greg Linares · cdoswindows

https://www.exploit-db.com/exploits/2650

View Code ZIP pw:eip

This exploit demonstrates a heap-based buffer overflow in RevilloC SMTP Mail Server Suite <= 1.21 via the RCPT TO or MAIL FROM commands. Sending a buffer larger than 4080 bytes causes a denial of service (DoS) or potential arbitrary code execution due to register overwrites.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: RevilloC SMTP Mail Server Suite <= 1.21

No auth needed

Prerequisites: Network access to the SMTP server · SMTP server running RevilloC SMTP Mail Server Suite <= 1.21

MITRE ATT&CK