CVE-2009-1647

Ultrafunk Popcorn 1.87 - Heap-Based Buffer Overflow via Long POP3 Response

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1647. PoCs published by x.CJP.x.

AI-analyzed exploit summary This exploit triggers a buffer overflow in UltraFunk Popcorn POP3 server by sending an oversized response to a client connection. The PoC binds to port 110 and waits for a connection before sending a 6000-byte buffer, causing a crash.

Description

Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 allows remote POP3 servers to cause a denial of service (application crash) via a long string in a +OK response. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by x.CJP.x · pythondoswindows
https://www.exploit-db.com/exploits/8526

This exploit triggers a buffer overflow in UltraFunk Popcorn POP3 server by sending an oversized response to a client connection. The PoC binds to port 110 and waits for a connection before sending a 6000-byte buffer, causing a crash.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: UltraFunk Popcorn POP3 Server
No auth needed
Prerequisites: Network access to the target POP3 server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1170
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34699
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8526

Scores

EPSS 0.0274
EPSS Percentile 84.3%

Details

CWE
CWE-119
Status published
Products (1)
ultrafunk/popcorn 1.87
Published May 15, 2009
Tracked Since Feb 18, 2026