Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
BID:23058
Info
Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
| Bugtraq ID: | 23058 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 20 2007 12:00AM |
| Updated: | Mar 21 2007 04:03PM |
| Credit: | mu-b is credited with the discovery of this issue. |
| Vulnerable: |
Atrium Software Mercur IMAPD 1 SP4 |
| Not Vulnerable: | |
Discussion
Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
Mercur IMAPD is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.
Version 1 SP4 is vulnerable; other versions may also be affected.
Mercur IMAPD is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.
An attacker may exploit this issue to execute arbitrary machine code in the context of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.
Version 1 SP4 is vulnerable; other versions may also be affected.
Exploit / POC
Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
The following proof-of-concept exploit is available:https://www.immunityinc.com/downloads/immpartners/MercurImapSubscribe.tar
The following proof-of-concept exploit is available:https://www.immunityinc.com/downloads/immpartners/MercurImapSubscribe.tar
Solution / Fix
Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Atrium Mercur IMapD NTLM Buffer Overflow Vulnerability
References:
References:
- Vendor Homepage (Atrium Software)