CVE-2007-1373

Mercury Mail Transport System < 4.01b - Remote Code Execution via Long LOGIN Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2007-1373. PoCs published by Metasploit, mu-b, c0d3r, including Metasploit module exploits/windows/imap/mercury_login.

AI-analyzed exploit summary This is a Metasploit module exploiting a stack buffer overflow in Mercury/32 IMAPD's LOGIN verb. It sends a crafted login command to overflow the buffer and execute arbitrary code via a reverse shell payload.

Description

Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16473

This is a Metasploit module exploiting a stack buffer overflow in Mercury/32 IMAPD's LOGIN verb. It sends a crafted login command to overflow the buffer and execute arbitrary code via a reverse shell payload.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mercury/32 <= 4.01b IMAPD
No auth needed
Prerequisites: Network access to the target IMAP service (port 143)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by mu-b · perldoswindows
https://www.exploit-db.com/exploits/3418

This exploit targets a stack-based buffer overflow in Mercury/32 IMAP server versions prior to 4.01b. It sends a maliciously crafted LOGIN command with excessive continuation data to trigger the overflow, potentially allowing remote code execution without authentication.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mercury/32 < v4.01b
No auth needed
Prerequisites: Network access to the target IMAP server (port 143)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by c0d3r · cremotewindows
https://www.exploit-db.com/exploits/1223

This is a functional exploit for CVE-2007-1373, targeting a buffer overflow in Mercury IMAP Server 4.01a. It includes shellcode for remote code execution and supports multiple Windows targets.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mercury Mail Transport System 4.01a
Auth required
Prerequisites: Network access to the target IMAP server · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by mu-b, MC, Ivan Racic · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/imap/mercury_login.rb

This Metasploit module exploits a stack buffer overflow in Mercury/32 IMAPD via a crafted LOGIN command, achieving remote code execution through SEH overwrite and egghunter techniques.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Mercury/32 <= 4.01b IMAPD
No auth needed
Prerequisites: Network access to target IMAP service (port 143)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/33883
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2398
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/32848
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24367

Scores

EPSS 0.5869
EPSS Percentile 99.0%

Details

Status published
Products (1)
pmail/mercury_mail_transport_system < 4.01b
Published Mar 10, 2007
Tracked Since Feb 18, 2026