CVE-2004-1211

Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/11775	Exploit Patch Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/029701.html
http://home.kabelfoon.nl/~jaabogae/han/m_401b.html
http://www.osvdb.org/12508
http://secunia.com/advisories/13348	Vendor Advisory
http://marc.info/?l=bugtraq&m=110193702909991&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18318

Configurations

Configuration 1 (hide)

cpe:2.3:a:david_harris:mercury:4.0.1a:*:win32:*:*:*:*:*

Information

Published : 2005-01-09 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-1211

Mitre link : CVE-2004-1211

JSON object : View

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Products Affected

david_harris

mercury

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/11775", "name": "11775", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/029701.html", "name": "20041201 Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003.", "tags": [], "refsource": "FULLDISC"}, {"url": "http://home.kabelfoon.nl/~jaabogae/han/m_401b.html", "name": "http://home.kabelfoon.nl/~jaabogae/han/m_401b.html", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/12508", "name": "12508", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/13348", "name": "13348", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=110193702909991&w=2", "name": "20041201 Multiple buffer overflows exist in Mercury/32, v4.01a, Dec 8 2003.", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18318", "name": "mercury-command-bo(18318)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-119"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1211", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-01-10T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:david_harris:mercury:4.0.1a:*:win32:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:30Z"}

10.0 /10