CVE-2009-1516

IceWarp Merak Mail Server 9.4.1 - Stack-Based Buffer Overflow via Base64FileEncode Method

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1516. PoCs published by Nine:Situations:Group.

AI-analyzed exploit summary: This exploit targets a stack-based buffer overflow in IceWarp Merak Mail Server 9.4.1 via the Base64FileEncode() method in api.dll. It uses a crafted payload to overwrite the return address and execute arbitrary shellcode, demonstrating remote code execution.

Description

Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web application that accepts untrusted input for this method.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Nine:Situations:Group · php · dos · windows
https://www.exploit-db.com/exploits/8542

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: IceWarp Merak Mail Server 9.4.1
No auth needed
Prerequisites: IceWarp PHP extension loaded · Access to the Merak PHP console
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8542
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34739

Scores

EPSS 0.0321
EPSS Percentile 86.5%

Details

CWE: CWE-119
Status: published
Products (1): icewarp/merak_mail_server 9.4.1
Published: May 04, 2009
Tracked Since: Feb 18, 2026