Primary

Context

Tabs Mail Carrier Buffer Overflow Vulnerability in MAIL FROM SMTP Command

Vulnerability

A buffer overflow vulnerability has been identified in Tabs Mail Carrier version 2.5.1, specifically within the MAIL FROM SMTP command. This vulnerability allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter with an oversized buffer. The exploitation involves overwriting the EIP register to execute a bind shell payload. Attackers can connect to the SMTP service on port 25 to carry out this attack.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced by connecting to the target's SMTP service on port 25. After establishing the connection, send an EHLO command followed by a MAIL FROM command that includes a buffer crafted to overflow and overwrite the EIP register. This buffer should be appended with a payload that, once executed, opens a bind shell.

Added: Mar 24, 2026, 12:18 PM

Updated: Mar 24, 2026, 12:18 PM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

7.5

exploitability

8.9

remediation

0.0

relevance

4.6

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

7.5

exploitability

8.9

remediation

0.0

relevance

4.6

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Tabs Mail Carrier Buffer Overflow Vulnerability in MAIL FROM SMTP Command

Vulnerability

Impact

Reproduction

Affected Products

Tabs Mail Carrier

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating