CVE-2003-0264 : Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO arg

Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers to execute arbitrary code via (1) a long EHLO argument to slmail.exe, (2) a long XTRN argument to slmail.exe, (3) a long string to POPPASSWD, or (4) a long password to the POP3 server.

Published 2003-05-27 04:00:00

Updated 2021-02-24 17:15:15

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2003-0264

Probability of exploitation activity in the next 30 days: 24.22%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2003-0264

Seattle Lab Mail 5.5 POP3 Buffer Overflow

Disclosure Date: 2003-05-07

First seen: 2020-04-26

exploit/windows/pop3/seattlelab_pass

There exists an unauthenticated buffer overflow vulnerability in the POP3 server of Seattle Lab Mail 5.5 when sending a password with excessive length. Successful exploitation should not crash either the service or the server; however, after initial use th

More information

CVSS scores for CVE-2003-0264

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2003-0264

Products affected by CVE-2003-0264

Seattle Lab Software » Slmail » Version: 5.1.0.4420
cpe:2.3:a:seattle_lab_software:slmail:5.1.0.4420:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2003-0264

Exploit prediction scoring system (EPSS) score for CVE-2003-0264

Metasploit modules for CVE-2003-0264

Seattle Lab Mail 5.5 POP3 Buffer Overflow

CVSS scores for CVE-2003-0264

References for CVE-2003-0264

Products affected by CVE-2003-0264