What is CVE-2007-4440?

CVE-2007-4440 is a vulnerability in N/a. Published 2007-08-21.

Is CVE-2007-4440 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2007-4440

Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961.

EPSS: 0.839 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

26519 (x_refsource_SECUNIA, third-party-advisory)
20070818 Mercury SMTPD Remote Preauth Stack Based Overrun (mailing-list, x_refsource_FULLDISC)
ADV-2007-2918 (vdb-entry, x_refsource_VUPEN)
4294 (exploit, x_refsource_EXPLOIT-DB)
www.pmail.com/m32_451.htm (x_refsource_CONFIRM)
25357 (vdb-entry, x_refsource_BID)
mercury-smtp-bo(36117) (vdb-entry, x_refsource_XF)
1018587 (vdb-entry, x_refsource_SECTRACK)
mercury-authcrammd5-bo(36299) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2007-4440?: CVE-2007-4440 is a vulnerability in N/a. Published 2007-08-21.
Is CVE-2007-4440 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.