Mercur Messaging 2005 version 5.0 SP3 and prior contain a buffer overflow vulnerability that could allow a remote attacker to execute arbitrary code on the affected system.
The vulnerability is caused by insufficient bounds checking in the IMAP services when handling certain LOGIN and SELECT commands. A remote attacker could exploit it to trigger a buffer overflow, which could allow the attacker to execute arbitrary code on the affected system.
Exploit code is available to demonstrate the vulnerability.
Atrium Software has not acknowledged this vulnerability and patches are unavailable.
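
With patches unavailable, one interim check is to flag IMAP LOGIN and SELECT commands that carry unusually large arguments in proxy or server command logs. The following is an added example, not code from this advisory or from Atrium Software; it assumes the overflow is reached through oversized arguments, and the 256-byte limit, the function names and the sample lines are constructed for illustration.

```python
import re

# Assumption, not from the advisory: the largest LOGIN/SELECT argument treated
# as normal. Set it from the longest legitimate value seen on your server.
MAX_ARG_BYTES = 256
WATCHED = {b"LOGIN", b"SELECT"}
# IMAP literal announcement such as {1024} or {1024+}: a declared byte count.
LITERAL = re.compile(rb"\{(\d+)\+?\}")
# A quoted string (backslash escapes allowed) or a bare atom.
TOKEN = re.compile(rb'"((?:[^"\\]|\\.)*)"|(\S+)')


def longest_argument(line):
    """Return (command, largest argument size) for LOGIN/SELECT, else None."""
    parts = line.rstrip(b"\r\n").split(None, 2)
    if len(parts) < 2 or parts[1].upper() not in WATCHED:
        return None
    sizes = [0]
    for m in TOKEN.finditer(parts[2] if len(parts) > 2 else b""):
        quoted, atom = m.group(1), m.group(2)
        lit = LITERAL.fullmatch(atom) if atom is not None else None
        if quoted is not None:
            sizes.append(len(quoted))
        elif lit:
            digits = lit.group(1)
            sizes.append(int(digits) if len(digits) <= 18 else 10**18)
        else:
            sizes.append(len(atom))
    return parts[1].upper().decode("ascii"), max(sizes)


def scan(lines, limit=MAX_ARG_BYTES):
    """Return (line_number, command, size) for every line over the limit."""
    found = ((n, longest_argument(ln)) for n, ln in enumerate(lines, start=1))
    return [(n, r[0], r[1]) for n, r in found if r and r[1] > limit]


# Constructed client-to-server lines, not captured traffic.
SAMPLE = [
    b'a001 LOGIN alice "correct horse"\r\n',
    b"a002 SELECT INBOX\r\n",
    b"a003 LOGIN " + b"A" * 600 + b" pw\r\n",
    b'a004 select "' + b"B" * 300 + b'"\r\n',
    b"a005 LOGIN {4096}\r\n",
    b"a006 FETCH 1 BODY[]\r\n",
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A literal announcement is flagged on its declared size, since the data itself arrives on the following lines.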