POP3: PC-Cillin pop3trap.exe Buffer Overflow
This signature detects attempts to exploit a known vulnerability against the pop3trap.exe in PC-Cillin 5.02 running on Windows 98, ME, 2000, and XP. If PC-Cillin is scanning for incoming pop3 traffic, attackers can overflow the buffer to execute arbitrary code.
Extended Description
A buffer overflow vulnerability has been reported for PC-cillin's mail scanning utility. An attacker can exploit this vulnerability by connecting to a vulnerable pop3trap.exe service and sending an overly long string. This will result in the process crashing and allowing the attacker to gain control over the execution of the process.
Affected Products
Trend_micro pc-cillin
References
BugTraq: 6350
CVE: CVE-2002-1349
URL: http://www.security.nnov.ru/search/document.asp?docid=3859 http://www.kb.cert.org/vuls/id/157961
Short Name
POP3:OVERFLOW:PCCILLIN-POP-OF
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
POP3
Keywords
Buffer CVE-2002-1349 Overflow PC-Cillin bid:6350 pop3trap.exe
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Trend_micro
CVSS Score
4.6