CVE-2008-7182

NetWin Surgemail <3.9g2 - Buffer Overflow

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-7182. PoCs published by Travis Warren.

AI-analyzed exploit summary: This Python script exploits a buffer overflow vulnerability in Surgemail's IMAP service via the APPEND command, leading to a Denial of Service (DoS). It sends an oversized buffer to trigger the overflow post-authentication.

Description

Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498. NOTE: due to lack of details, it is not certain whether this is the same issue as CVE-2008-2859.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Travis Warren · python · dos · windows
https://www.exploit-db.com/exploits/5968

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Surgemail version 39e-1
Auth required
Prerequisites: Network access to the target IMAP service (port 143) · Valid credentials for authentication
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5968
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30000
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496482
Vendor Advisory x_refsource_misc
http://www.netwinsite.com/surgemail/help/updates.htm

Scores

EPSS 0.2428
EPSS Percentile 97.6%

Details

CWE: CWE-119
Status: published
Products (1): netwin/surgemail 3.9e
Published: Sep 08, 2009
Tracked Since: Feb 18, 2026