CVE-2009-1516

Icewarp Merak Mail Server - Memory Corruption

Title source: rule

Description

Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web application that accepts untrusted input for this method.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Nine:Situations:Group · phpdoswindows
https://www.exploit-db.com/exploits/8542

References (2)

Scores

EPSS 0.0407
EPSS Percentile 88.6%

Details

CWE
CWE-119
Status published
Products (1)
icewarp/merak_mail_server 9.4.1
Published May 04, 2009
Tracked Since Feb 18, 2026