Users login

Create an account »


Users login

Home » Hacking News » Unchecked buffer in PC-cillin

Unchecked buffer in PC-cillin

by Nikola Strahija on December 10th, 2002 Advisory ID : TEXONET-20021210 Authors : Joel Soderberg and Christer Oberg ([email protected]) Issue date : 12-10-2002 Application : PC-cillin (OfficeScan Corp. Edition 5.02) Version(s) : 2000, 2002 and 2003 Platforms : Windows 98/ME/2000/XP Availability :

PC-cillin has an unchecked buffer in pop3trap.exe

PC-cillin comes with a mail scanning feature that scans all incoming mail
viruses, this is accomplished by connecting the mail client to a local
listening on port 110 (pop3). This service is only listening for connections
from the local machine and acts as a proxy. The program running this service
is pop3trap.exe. Connecting to the local port 110 and sending a lot of
characters will crash the program with a direct hit on the EIP, this makes
possible to run malicious code. The code will be run using the privileges of
the user owning the pop3trap.exe process.

Example 1: perl -e " print "a"x1100" |nc 110

Example 2:[put 1100 a's here]

Download the appropriate Service Pack from:

Disclosure Timeline:
11/14/2002: Vendor notified by e-mail
11/15/2002: Standard support reply received from vendor
11/15/2002: Requested contact information from vendor
11/15/2002: Reply received from vendor with contact recommendations
11/15/2002: Advisory sent in accordance to vendors recommendations
11/21/2002: Vendor has verified the issue and is working on the solution
12/10/2002: Issue released to the public

About Texonet:
Texonet is a Swedish based security company with a focus on penetration
testing / security assessments, research and development.

Contacting Texonet:
E-mail: [email protected]
Phone: +46-8-55174611

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »