Added: 04/03/2007
CVE: CVE-2007-1578
BID: 23058
OSVDB: 33545
[MERCUR Messaging Server](<http://www.atrium-software.com/index.php?conte
nt=mercur>) is an e-mail server supporting the SMTP, POP3, and IMAP protocols for Windows platforms.
A buffer overflow vulnerability in MERCUR Messaging Server allows remote attackers to execute arbitrary commands by sending a specially crafted NTLM Type 3 message to the imapd service.
Upgrade to MERCUR Messaging Server 5.0 SP5 or higher when available.
<http://secunia.com/advisories/24596>
Exploit works on MERCUR Messaging Server 5.0 SP3 and SP4 on Windows 2000.
Windows