NetCPlus is the maker of low-cost business email solutions such as SmartServer3, BrowseGate, and MailTreeve. SmartServer3 is a product that integrates SMTP and POP3 servers. The POP3 server, however, has a security hole in the form of a buffer overflow. If a large string is sent (~1000 characters) to the POP3 server, the server replies with "-ERR non- existent command" and the POP3 server stops running. This causes a page fault in KERNEL32.DLL, but does not appear to be exploitable. However, when the string "USER <~800 char's>\r\n\r\n" is sent, a fault is caused in NCPOPSERV.EXE. This can be exploited to allow a remote attacker to execute arbitrary code on the victim server.
