[VIM] vendor ACK for old YPOPs! issue

Steven M. Christey coley at mitre.org
Fri Oct 20 19:32:43 EDT 2006

Reference: CVE-2004-1558



(this is only intended to be within a frame; home site is

The vendor changelog "Version 0.6.1216 (16th December 2004) BETA" says
"Fixed the security issues raised in the following advisory" and
references BID:11256 and the hat-squad MISC.

- Steve

Name: CVE-2004-1558
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1558
Reference: BUGTRAQ:20040927 [Hat-Squad] Remote Buffer overflow Vulnerability in YahooPOPS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109630699829536&w=2
Reference: MISC:http://www.hat-squad.com/en/000075.html
Reference: BID:11256
Reference: URL:http://www.securityfocus.com/bid/11256
Reference: SECTRACK:1011426
Reference: URL:http://securitytracker.com/alerts/2004/Sep/1011426.html
Reference: XF:ypops-pop3-bo(17515)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17515
Reference: XF:ypops-smtp-bo(17518)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17518

Multiple stack-based buffer overflows in YahooPOPS (YPOPs) 0.4 through
0.6 allow remote attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a long (1) POP3 USER command or
(2) SMTP request.

More information about the VIM mailing list