EasyMail SMTP ActiveX Control AddAttachment buffer overflow

Added: 12/10/2009
BID: 36440
OSVDB: 59939

Background

QuikSoft EasyMail Objects is a set of ActiveX controls that provide e-mail functionality. It is included with Oracle Document Capture, among other products.

Problem

A stack buffer overflow vulnerability in the EasyMail.SMTP.6 ActiveX control (emsmtp.dll) allows remote command execution when a user opens a specially crafted web page that invokes this control with an overly long argument to the AddAttachment method.

Resolution

Upgrade to EasyMail Objects 6.5 or higher, or set the kill bit for class ID 68AC0D5F-0424-11D5-822F-00C04F6BA8D9 as described in Microsoft Knowledge Base Article 240797.

References

http://secunia.com/advisories/24199/

Limitations

Exploit works on Oracle Document Capture 10.1.3.5.0.
The user must open the exploit page using Internet Explorer 6 or 7.

Platforms

Windows
