Mercury SMTPD CRAM-MD5 Pre-Auth Buffer Overflow Exploit Update

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Mercury Mail Transport System. The vulnerability is caused due to a boundary error within Mercury/32 SMTP Server Module (mercurys.dll) when processing arguments to the AUTH CRAM-MD5 command. This can be exploited to cause a stack-based buffer overflow via an overly long, specially-crafted argument passed to the affected command. This update adds support for DEP (Data Execution Prevention).
Exploit type: 
Platform: 
Vulnerabilty ID: 
CVE-2007-4440
Product Version: 
8.0
Released Date: 
Friday, February 13, 2009 - 00:00