Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command.
Published 2004-12-31 05:00:00
Updated 2017-07-11 01:31:06
Source MITRE
View at NVD,   CVE.org
Vulnerability category: OverflowExecute code

Products affected by CVE-2004-1520

Exploit prediction scoring system (EPSS) score for CVE-2004-1520

96.02%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2004-1520

  • Mdaemon 8.0.3 IMAPD CRAM-MD5 Authentication Overflow
    Disclosure Date: 2004-11-12
    First seen: 2020-04-26
    exploit/windows/imap/mdaemon_cram_md5
    This module exploits a buffer overflow in the CRAM-MD5 authentication of the MDaemon IMAP service. This vulnerability was discovered by Muts. Authors: - Unknown
  • IMail IMAP4D Delete Overflow
    Disclosure Date: 2004-11-12
    First seen: 2020-04-26
    exploit/windows/imap/imail_delete
    This module exploits a buffer overflow in the 'DELETE' command of the IMail IMAP4D service. This vulnerability can only be exploited with a valid username and password. This flaw was patched in version 8.14. Authors: - spoonm <spoonm@no$email.com>

CVSS scores for CVE-2004-1520

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
4.6
MEDIUM AV:L/AC:L/Au:N/C:P/I:P/A:P
3.9
6.4
NIST

References for CVE-2004-1520

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!