Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands.
CVE-2004-1211
- High exploitation likelihood — EPSS 72%
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- —
- EG Score
- 0.0(none)
- EPSS
- 99.4%
- KEV
- Not listed
Published
January 10, 2005
Last Modified
June 16, 2026
References (14)
- cve@mitrehttp://home.kabelfoon.nl/~jaabogae/han/m_401b.html
- cve@mitrehttp://lists.grok.org.uk/pipermail/full-disclosure/2004-December/029701.html
- cve@mitrehttp://marc.info/?l=bugtraq&m=110193702909991&w=2
- cve@mitrehttp://secunia.com/advisories/13348
- cve@mitrehttp://www.osvdb.org/12508
- cve@mitrehttp://www.securityfocus.com/bid/11775
- cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/18318
- af854a3a-2127-422b-91ae-364da2661108http://home.kabelfoon.nl/~jaabogae/han/m_401b.html
- af854a3a-2127-422b-91ae-364da2661108http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/029701.html
- af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=110193702909991&w=2
- af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/13348
- af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/12508
- af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11775
- af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18318
Weakness Classification(1)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 4× in last 7d / 17× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-13 06:07 UTCEPSS rescore
- 2026-07-11 08:22 UTCEPSS rescore
- 2026-07-11 08:22 UTCEPSS rescore
- 2026-07-08 15:09 UTCEPSS rescore
- 2026-07-04 06:26 UTCEPSS rescore
- 2026-07-02 14:00 UTCEPSS rescore
- 2026-06-27 03:04 UTCEPSS rescore
- 2026-06-23 21:29 UTCEPSS rescore
- 2026-06-21 14:52 UTCEPSS rescore
- 2026-06-21 01:56 UTCEPSS rescore
- 2026-06-18 17:49 UTCEPSS rescore
- 2026-06-18 17:49 UTCEPSS rescore
- 2026-06-17 17:49 UTCEPSS rescore
- 2026-06-17 17:49 UTCEPSS rescore
- 2026-06-16 17:49 UTCEPSS rescore
- 2026-06-16 17:49 UTCEPSS rescore
- 2026-06-15 17:43 UTCEPSS rescore
- 2026-06-12 23:08 UTCEPSS rescore
- 2026-06-11 13:55 UTCEPSS rescore
- 2026-06-10 22:13 UTCEPSS rescore
- 2026-06-08 14:13 UTCEPSS rescore
- 2026-06-07 15:21 UTCEPSS rescore
- 2026-06-06 13:44 UTCEPSS rescore
- 2026-06-06 13:44 UTCEPSS rescore
- 2026-06-06 13:44 UTCEPSS rescore
Show 22 moreShow fewer
- 2026-06-05 22:43 UTCEPSS rescore
- 2026-06-05 22:43 UTCEPSS rescore
- 2026-06-05 06:07 UTCEPSS rescore
- 2026-06-04 13:09 UTCEPSS rescore
- 2026-06-02 20:10 UTCEPSS rescore
- 2026-05-31 14:31 UTCEG score recompute
- 2026-05-31 14:31 UTCGHSA enrichment
- 2026-05-31 00:13 UTCEPSS rescore
- 2026-05-31 00:13 UTCEPSS rescore
- 2026-05-29 13:40 UTCEPSS rescore
- 2026-05-29 13:40 UTCEPSS rescore
- 2026-05-28 13:42 UTCEPSS rescore
- 2026-05-28 13:42 UTCEPSS rescore
- 2026-05-28 13:42 UTCEPSS rescore
- 2026-05-27 13:37 UTCEPSS rescore
- 2026-05-24 16:42 UTCEPSS rescore
- 2026-05-22 21:15 UTCEPSS rescore
- 2026-05-20 22:36 UTCEPSS rescore
- 2026-05-20 11:20 UTCEPSS rescore
- 2026-05-20 11:20 UTCEPSS rescore
- 2026-05-18 21:29 UTCEPSS rescore
- 2026-05-18 21:29 UTCEPSS rescore
Publicly available exploits
(8 references)Working exploit code is in the public domain (1 Metasploit module) (7 Exploit-DB entries). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
- Exploit-DBEDB-16484✓ verifiedFirst seen May 9, 2010
Mercury/32 Mail Server 4.01a - IMAP RENAME Buffer Overflow (Metasploit)
Open source ↗ - Exploit-DBEDB-4316✓ verifiedFirst seen Aug 26, 2007
Mercury/32 Mail Server 3.32 < 4.51 - SMTP EIP Overwrite
Open source ↗ - Exploit-DBEDB-3561✓ verifiedFirst seen Mar 24, 2007
Mercury/32 Mail Server 4.0.1 - 'LOGIN' Remote IMAP Stack Buffer Overflow
Open source ↗ - Exploit-DBEDB-670✓ verifiedFirst seen Dec 1, 2004
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (2)
Open source ↗ - Exploit-DBEDB-1159✓ verifiedFirst seen Dec 1, 2004
Mercury/32 Mail Server 4.01a - 'check' Buffer Overflow
Open source ↗ - Exploit-DBEDB-668✓ verifiedFirst seen Nov 30, 2004
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (1)
Open source ↗ - Exploit-DBEDB-663✓ verifiedFirst seen Nov 29, 2004
Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (3)
Open source ↗ - Metasploitexploit/windows/imap/mercury_rename✓ verifiedFirst seen Nov 29, 2004
Mercury/32 v4.01a IMAP RENAME Buffer Overflow
Open source ↗
Related CVEs(same CWE)
Same CWE
10 shownCWE-119
Frequently asked(4)
What is CVE-2004-1211?
When was CVE-2004-1211 disclosed?
Is CVE-2004-1211 actively exploited?
How do I remediate CVE-2004-1211?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2004-1211
Is Your Infrastructure Affected by CVE-2004-1211?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.