Vulnerability Note VU#157961

PC-cillin "pop3trap.exe" vulnerable to buffer overflow via long string of characters

Original Release date: 18 Dec 2002 | Last revised: 18 Dec 2002


A locally exploitable buffer overflow exists in PC-cillin.


Trend Micro describes PC-cillin as follows:

    Trend Micro PC-cillin provides all-in-one antivirus security, personal firewall, and PDA protection for your PC. The user-friendly interface makes it easy to install and use. It defends your system from viruses, hackers, and other Internet security threats in email, attachments, Internet downloads, and instant messaging.

PC-cillin has the capability to scan incoming email for viruses. PC-cillin does this by running a local pop3 proxy daemon (pop3trap.exe). Trend Micro describes pop3trap.exe as follows:

    Trend Micro's pop3trap.exe is an application level proxy for POP3 defined in RFC 1939. It forwards the local POP3 client requests to a remote server running on a different machine, mostly at the ISP-side. The service is only accessible from the localhost with IP address The pop3trap.exe application runs transparent in the background and scans all mails received by POP3.

A buffer overflow in pop3trap.exe may allow a local attacker to execute arbitrary code with the privileges of the pop3 proxy.
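The note does not say which input overflows pop3trap.exe, so the following is an added illustration of the defensive pattern for this bug class, not code from Trend Micro or from this advisory: a POP3 proxy checks each client line against the RFC 1939 length limits before copying anything into fixed-size fields. The function and struct names are hypothetical, and the 255-byte line cap is an assumption of the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* RFC 1939: a keyword is 3 or 4 characters, each argument at most 40. */
#define POP3_KEYWORD_MAX 4
#define POP3_ARG_MAX     40
#define POP3_LINE_MAX    255  /* assumed cap on one client line (example only) */

struct pop3_cmd {
    char keyword[POP3_KEYWORD_MAX + 1];  /* upper-cased, NUL-terminated */
    char arg[POP3_ARG_MAX + 1];          /* first argument only */
};

/* Parse one client line of `len` bytes (CRLF optional, NUL not required).
 * Returns 0 on success, -1 if any limit is exceeded. Every write into
 * `out` is bounds-checked first, so an over-long line is rejected
 * instead of running past the fixed-size fields. */
int pop3_parse_command(const char *line, size_t len, struct pop3_cmd *out)
{
    size_t i = 0, k = 0, n;
    int argn = 0;

    memset(out, 0, sizeof *out);
    if (len > POP3_LINE_MAX)
        return -1;                        /* reject before copying anything */
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                            /* strip the line terminator */

    while (i < len && line[i] != ' ') {   /* keyword: letters only, max 4 */
        if (k == POP3_KEYWORD_MAX || !isalpha((unsigned char)line[i]))
            return -1;
        out->keyword[k++] = (char)toupper((unsigned char)line[i++]);
    }
    if (k < 3)
        return -1;

    for (; i < len; argn++) {             /* line[i] is a space here */
        i++;
        for (n = 0; i < len && line[i] != ' '; n++, i++) {
            if (n == POP3_ARG_MAX || !isprint((unsigned char)line[i]))
                return -1;                /* argument longer than 40 bytes */
            if (argn == 0)
                out->arg[n] = line[i];    /* keep only the first argument */
        }
    }
    return 0;
}
```

A proxy built this way would answer a rejected line with `-ERR` and never forward or buffer it.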


A local attacker may be able to execute arbitrary code with the privileges of the pop3 proxy.


Apply a patch.

Systems Affected

Vendor        Status      Date Notified   Date Updated
Trend Micro   Affected    -               18 Dec 2002
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group           Score   Vector
Base            N/A     N/A
Temporal        N/A     N/A
Environmental   N/A     N/A



This vulnerability was publicly reported by Joel Soderberg and Christer Oberg.

This document was written by Ian A Finlay.

Other Information

  • CVE IDs: Unknown
  • Date Public: 10 Dec 2002
  • Date First Published: 18 Dec 2002
  • Date Last Updated: 18 Dec 2002
  • Severity Metric: 20.05
  • Document Revision: 7


If you have feedback, comments, or additional information about this vulnerability, please send us email.