CVE-2007-4646

Hexamail Server 3.0.0.001 Lite - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4646. PoCs published by rgod.

AI-analyzed exploit summary This PoC exploits a pre-authentication buffer overflow in Hexamail Server 3.0.0.001 via the POP3 USER command. It sends a crafted payload to crash the server and demonstrates control over EAX and ECX registers, suggesting potential for arbitrary code execution.

Description

Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpdoswindows

https://www.exploit-db.com/exploits/4344

View Code ZIP pw:eip

This PoC exploits a pre-authentication buffer overflow in Hexamail Server 3.0.0.001 via the POP3 USER command. It sends a crafted payload to crash the server and demonstrates control over EAX and ECX registers, suggesting potential for arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Hexamail Server 3.0.0.001

No auth needed

Prerequisites: Network access to the target POP3 service (port 110)

MITRE ATT&CK