source: http://www.securityfocus.com/bid/790/info The POP server that is part of the NetcPlus SmartServer3 email server has an unchecked buffer that could allow an attacker to execute code on the server. If the USER command is followed by an argument of over 800 characters, the input buffer will be overflowed, and data from the argument will be passed to the system to be executed at the privelege level of the SmartServer program. https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/19617.zip