Unrated severityNVD Advisory· Published Dec 31, 2003· Updated Apr 16, 2026

CVE-2003-1177

Description

Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before SP3a allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long (1) AUTH command to the POP3 server or (2) AUTHENTICATE command to the IMAP server.

Affected products

Atrium Software/Mercur Mailserver8 versions
cpe:2.3:a:atrium_software:mercur_mailserver:3.3:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:atrium_software:mercur_mailserver:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:atrium_software:mercur_mailserver:3.3_sp1:*:*:*:*:*:*:*
- cpe:2.3:a:atrium_software:mercur_mailserver:3.3_sp2:*:*:*:*:*:*:*
- cpe:2.3:a:atrium_software:mercur_mailserver:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:atrium_software:mercur_mailserver:4.1_sp1:*:*:*:*:*:*:*
- cpe:2.3:a:atrium_software:mercur_mailserver:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:atrium_software:mercur_mailserver:4.2_sp1:*:*:*:*:*:*:*
- cpe:2.3:a:atrium_software:mercur_mailserver:4.2_sp2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/10038nvdPatch
archives.neohapsis.com/archives/fulldisclosure/2003-q4/1459.htmlnvdExploit
www.securiteam.com/windowsntfocus/6U00N1P8KC.htmlnvdExploit
www.securityfocus.com/bid/8861nvdExploit
www.securityfocus.com/bid/8889nvdExploit
www.atrium-software.com/mail%20server/pub/mcr42sp3a.htmlnvd
www.osvdb.org/2688nvd
exchange.xforce.ibmcloud.com/vulnerabilities/13468nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.019
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000