CVE-2009-3838
Pegasus Mail 4.41 - Stack-based Buffer Overflow via Long POP3 Error Message
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-3838. PoCs published by Francis Provencher.
AI-analyzed exploit summary
This exploit demonstrates a remote buffer overflow in the Pegasus Mail client: an oversized payload sent over POP3 (port 110) causes a denial of service (DoS). The PoC is a Perl script that sends a malformed '-ERR' response containing a long string of 'A' characters to trigger the vulnerability.
Description
Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.