Intrusion Prevention



This indicates a vulnerability in Mercury Mail Transport System. The vulnerability is caused by a stack buffer overflow error in the smtp service. The overflow occurs when the vulnerable software handles an AUTH CRAM-MD5 command. It allows remote attackers to execute arbitrary code by sending an AUTH CRAM-MD5 command with a long argument.

Affected Products

Mercury Mail Transport System version 4.51 and prior.


System compromise, arbitrary code execution.

Recommended Actions

Currently we are not aware of any official fix for this issue.

CVE References