module

Mercury/32 4.01 IMAP LOGIN SEH Buffer Overflow

Disclosed	Created
2007-03-06	2018-05-30

Disclosed

2007-03-06

Created

2018-05-30

Description

This module exploits a stack buffer overflow in Mercury/32 LOGIN verb. By sending a specially crafted login command, a buffer
is corrupted, and code execution is possible. This vulnerability was
discovered by (mu-b at digit-labs.org).

Authors

mu-b
MC mc@metasploit.com
Ivan Racic

Platform

Windows

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/windows/imap/mercury_login
    msf exploit(mercury_login) > show targets
        ...targets...
    msf exploit(mercury_login) > set TARGET < target-id >
    msf exploit(mercury_login) > show options
        ...show and set options...
    msf exploit(mercury_login) > exploit

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today