Mercury Mail Transport System AUTH CRAM-MD5 Buffer Overflow Vulnerability

Mercury Mail Transport System AUTH CRAM-MD5 Buffer Overflow Vulnerability

Mercury Mail Transport System is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks when handling AUTH CRAM-MD5 requests.

Attackers can exploit this issue to execute arbitrary code with the privileges of the user running the application. Successful exploits will compromise the computer. Failed exploit attempts will result in a denial of service.

Versions prior to Mercury/32 v4.52 and Mercury/NLM v1.49 are vulnerable.

UPDATE (August 28, 2007): Symantec has confirmed that this issue is being actively exploited in the wild.