SurgeMail (http://netwinsite.com/surgemail/) is "a well known commercial multiplatform mail server which supports many protocols". A format string and a buffer overflow vulnerability in SurgeMail have been discovered, these vulnerabilities allow a remote attacker to overflow a buffer and manipulate the way the product works.

http://www.securiteam.com/windowsntfocus/5EP040UNPU.html