ActFax RAW Server Stack Buffer Overflow

Added: 04/12/2013
BID: 57789
OSVDB: 89944

Background

ActFax is a Windows-based software package that sends, receives and electronically stores faxes.

Problem

The ActFax RAW server is vulnerable to a boundary error when processing the @F000 data field, which could result in a stack-based buffer overflow. A remote attacker who sends a specially crafted command to the server could exploit this vulnerability to execute arbitrary code within the context of the affected application.

Resolution

Contact the vendor for a patch.

References

http://secunia.com/advisories/52096/

Limitations

This exploit was tested against ActFax Server 5.01 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2644615.

ActFax is only vulnerable to this exploit in certain non-default configurations.

Platforms

Windows
