
Description

CommuniCrypt Mail versions up to and including 1.16 contain a stack-based buffer overflow vulnerability in the ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments() method. This method fails to properly validate the length of input strings, allowing data to exceed the bounds of a fixed-size stack buffer. When invoked with an overly long string, the control can corrupt adjacent memory structures, including exception handlers, leading to potential control flow disruption.

PUBLISHED Reserved 2025-08-20 | Published 2025-08-21 | Updated 2025-08-22 | Assigner VulnCheck




HIGH: 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)

Problem types

CWE-121 Stack-based Buffer Overflow

Product status

Default status: unaffected

*: affected

Credits

Lincoln (finder)

References

raw.githubusercontent.com/...er/communicrypt_mail_activex.rb exploit

www.exploit-db.com/exploits/12663 exploit

www.broadcom.com/...enter/attacksignatures/detail?asid=24374 third-party-advisory

softwarelode.com/4185/details-communicrypt-mail.html product

www.fortiguard.com/encyclopedia/ips/23099 third-party-advisory

www.vulncheck.com/...pt-mail-activex-control-buffer-overflow third-party-advisory

cve.org (CVE-2010-20119)

nvd.nist.gov (CVE-2010-20119)
