CVE-2019-25364 PUBLISHED

Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow

Assigner: VulnCheck
Reserved: 13.02.2026 Published: 18.02.2026 Updated: 18.02.2026

MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 service, overwriting memory and potentially gaining remote system access.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Product Status

Vendor TABS Laboratories Corporation
Product Win10 MailCarrier
Versions
  • Version 2.51 is affected

Credits

  • Lance Biggerstaff, Dino Covotsos - Telspace Systems finder

References

Problem Types

  • Stack-based Buffer Overflow CWE