Mercury · Mercury Mail Transport System · CVE-2007-4440
**Name of the Vulnerable Software and Affected Versions**
Mercury Mail Transport System versions prior to 4.51
**Description**
The MercuryS SMTP server contains a stack-based buffer overflow that remote attackers can exploit to execute arbitrary code by sending a long AUTH CRAM-MD5 string.
**Recommendations**
On versions prior to 4.51, consider disabling the AUTH CRAM-MD5 authentication mechanism to prevent exploitation of the buffer overflow until a patch is available.
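
A log-side check for the condition described above, as an added example that is not part of the original advisory: it flags AUTH CRAM-MD5 commands and responses that are oversized or malformed. The `C:`/`S:` transcript format, the 512-octet threshold, and all function names are assumptions.

```python
import base64
import binascii
import re

MAX_AUTH_LINE = 512  # assumed limit in octets; tune to local policy
# A decoded CRAM-MD5 response is "<username> <32 lowercase hex digits>" (RFC 2195).
CRAM_RESPONSE = re.compile(rb".+ [0-9a-f]{32}")

def check_response(line):
    """Return a reason string if a CRAM-MD5 client response is abnormal, else None."""
    if len(line) > MAX_AUTH_LINE:
        return f"response is {len(line)} octets (limit {MAX_AUTH_LINE})"
    try:
        decoded = base64.b64decode(line, validate=True)
    except (binascii.Error, ValueError):
        return "response is not valid base64"
    if not CRAM_RESPONSE.fullmatch(decoded):
        return "decoded response is not '<user> <32 hex digits>'"
    return None

def scan_transcript(lines):
    """Walk 'C: ...' / 'S: ...' lines and return (line_number, reason) findings."""
    findings, state = [], "idle"
    for lineno, raw in enumerate(lines, 1):
        side, _, text = raw.rstrip("\r\n").partition(": ")
        if side == "C" and text.upper().startswith("AUTH CRAM-MD5"):
            if len(text) > MAX_AUTH_LINE:
                findings.append((lineno, f"AUTH command is {len(text)} octets"))
            state = "auth_sent"
        elif side == "S" and state == "auth_sent":
            # 334 carries the server challenge; anything else ends the exchange.
            state = "challenge_sent" if text.startswith("334") else "idle"
        elif side == "C" and state == "challenge_sent":
            reason = None if text == "*" else check_response(text)  # "*" cancels AUTH
            if reason:
                findings.append((lineno, reason))
            state = "idle"
    return findings

# Constructed sample session (not captured traffic); hostnames are placeholders.
CHALLENGE = base64.b64encode(b"<12345@mail.example.test>").decode()
GOOD = base64.b64encode(b"alice " + b"0" * 32).decode()
SAMPLE = [
    "C: AUTH CRAM-MD5", "S: 334 " + CHALLENGE, "C: " + GOOD,
    "S: 235 Authentication successful",
    "C: AUTH CRAM-MD5", "S: 334 " + CHALLENGE, "C: " + "A" * 600,
    "S: 501 Syntax error",
]

if __name__ == "__main__":
    for lineno, reason in scan_transcript(SAMPLE):
        print(f"line {lineno}: {reason}")
```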