汇总 pmail 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
历史漏洞主要涉及 缓冲区溢出与输入验证问题 等问题,部分漏洞可能导致 应用崩溃,并影响 软件部署与生产负载 相关场景。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2017-9046 | winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack. | [email protected] | 7.3 | 0.57% | 2017-05-21 | 2026-06-16 |
| CVE-2009-3838 | Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message. | [email protected] | 9.3 | 6.21% | 2009-11-02 | 2026-06-16 |
| CVE-2007-4440 | Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961. | [email protected] | 7.5 | 64.51% | 2007-08-20 | 2026-06-16 |
| CVE-2007-1373 | Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961. | [email protected] | 10.0 | 58.69% | 2007-03-09 | 2026-06-16 |
| CVE-2004-2513 | Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command. | [email protected] | 10.0 | 9.78% | 2004-12-31 | 2026-06-16 |
| CVE-1999-0098 | Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities. | [email protected] | 10.0 | 3.14% | 1998-04-01 | 2026-06-16 |