Reported June 24, 2003, by NC Agent.
Atrium Software MERCUR Mail Server 4.02.09
· Multiple buffer-overflow vulnerabilities in Atrium Software MERCUR Mail Server 4.02.09 can result in the execution of arbitrary code on the vulnerable computer. If an attacker uses the EXAMINE, DELETE, SUBSCRIBE, RENAME, UNSUBSCRIBE, LIST, LSUB, STATUS, LOGIN, CREATE, or SELECT command to send a large amount of data, a buffer will overflow and cause the server to crash.
Atrium Software International has released version 220.127.116.11, which doesn't contain these vulnerabilities.
Discovered by NC Agent.