Author: securma massine MorX Security Research Team http://www.morx.org Product info : EXchangepop3 is an email gateway (connector) that retrieves messages from Internet POP3 email accounts and delivers them to Exchange Server. Vulnerability Description: eXchangepop3 is vulnerable to buffer overflow attack. boundary errors in the handling of the RCPT TO (smtp) commands by sending a large buffer, allow remote users to set a new Instruction Pointer to execute arbitrary code and gain access on system. C:\>nc 127.0.0.1 25 220 aaa ESMTP mail [enter] 250 OK rcpt to: