CVE-2009-3837

Exploitation Summary

EIP tracks 4 public exploits for CVE-2009-3837. PoCs published by Metasploit, Dr_IDE & dookie, Francis Provencher, including Metasploit module exploits/windows/misc/eureka_mail_err.

AI-analyzed exploit summary This exploit targets a buffer overflow in Eureka Email 2.2q via an overly long ERR message in a POP3 response. It leverages a JMP ESP instruction in user32.dll to execute arbitrary shellcode, with payload constraints including bad characters and stack adjustments.

Description

Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message.

Exploits (4)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16443

View Code ZIP pw:eip

This exploit targets a buffer overflow in Eureka Email 2.2q via an overly long ERR message in a POP3 response. It leverages a JMP ESP instruction in user32.dll to execute arbitrary shellcode, with payload constraints including bad characters and stack adjustments.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Racy

Target: Eureka Email 2.2q

No auth needed

Prerequisites: Victim must manually check mail (Ctrl-M) in Eureka Email · Attacker must control or intercept POP3 traffic

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Dr_IDE & dookie · pythonremotewindows

https://www.exploit-db.com/exploits/10235

View Code ZIP pw:eip

This exploit targets a buffer overflow in Eureka Mail Client by setting up a fake SMTP server on port 110. It uses an egghunter and a bind shell payload to achieve remote code execution on Windows XP SP3.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Eureka Mail Client (version not specified, tested on Windows XP SP3)

No auth needed

Prerequisites: Victim must connect to the attacker's fake SMTP server · Eureka Mail Client must be configured to use the attacker's server

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Francis Provencher · textdoswindows

https://www.exploit-db.com/exploits/9881

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Eureka Mail 2.2q via a crafted payload sent to port 110. It overwrites EIP with a return address pointing to a JMP ESP instruction in kernel32.dll, followed by shellcode to execute cmd.exe.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Eureka Mail 2.2q

No auth needed

Prerequisites: Network access to the target's port 110 · Eureka Mail 2.2q running on Windows XP SP2

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Francis Provencher (Protek Research Labs), Dr_IDE, dookie, jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/eureka_mail_err.rb

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in Eureka Email 2.2q via an excessively long ERR message, targeting the POP3 protocol. It leverages a stack-based overflow to achieve remote code execution by overwriting the return address with a JMP ESP instruction.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Racy

Target: Eureka Email 2.2q

No auth needed

Prerequisites: Network access to the target's POP3 port (110) · Target must manually check mail (Ctrl-M)

MITRE ATT&CK