CVE-2010-20119

CommuniCrypt Mail versions up to and including 1.16 contains a stack-based buffer overflow vulnerability in its ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments() method. This method fails to properly validate the length of input strings, allowing data to exceed the bounds of a fixed-size stack buffer. When invoked with an overly long string, the control can corrupt adjacent memory structures, including exception handlers, leading to potential control flow disruption.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/communicrypt_mail_activex.rb
https://softwarelode.com/4185/details-communicrypt-mail.html
https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=24374
https://www.exploit-db.com/exploits/12663
https://www.fortiguard.com/encyclopedia/ips/23099
https://www.vulncheck.com/advisories/communicrypt-mail-activex-control-buffer-overflow

Configurations

No configuration.

History

22 Aug 2025, 18:08

Type	Values Removed	Values Added
Summary		(es) Las versiones de CommuniCrypt Mail hasta la 1.16 incluida contienen una vulnerabilidad de desbordamiento de búfer en la pila de sus controles ActiveX ANSMTP.dll y AOSMTP.dll, específicamente en el método AddAttachments(). Este método no valida correctamente la longitud de las cadenas de entrada, lo que permite que los datos excedan los límites de un búfer de pila de tamaño fijo. Al invocarse con una cadena demasiado larga, el control puede corromper las estructuras de memoria adyacentes, incluyendo los manejadores de excepciones, lo que puede provocar una interrupción del flujo de control.

21 Aug 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-21 20:15

Updated : 2025-08-22 18:08

NVD link : CVE-2010-20119

Mitre link : CVE-2010-20119

CVE.ORG link : CVE-2010-20119

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2010-20119", "cveTags": [{"tags": ["unsupported-when-assigned"], "sourceIdentifier": "disclosure@vulncheck.com"}], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-21T20:15:31.400", "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/communicrypt_mail_activex.rb", "source": "disclosure@vulncheck.com"}, {"url": "https://softwarelode.com/4185/details-communicrypt-mail.html", "source": "disclosure@vulncheck.com"}, {"url": "https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=24374", "source": "disclosure@vulncheck.com"}, {"url": "https://www.exploit-db.com/exploits/12663", "source": "disclosure@vulncheck.com"}, {"url": "https://www.fortiguard.com/encyclopedia/ips/23099", "source": "disclosure@vulncheck.com"}, {"url": "https://www.vulncheck.com/advisories/communicrypt-mail-activex-control-buffer-overflow", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "CommuniCrypt Mail versions up to and including 1.16 contains a stack-based buffer overflow vulnerability in its ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments() method. This method fails to properly validate the length of input strings, allowing data to exceed the bounds of a fixed-size stack buffer. When invoked with an overly long string, the control can corrupt adjacent memory structures, including exception handlers, leading to potential control flow disruption."}, {"lang": "es", "value": "Las versiones de CommuniCrypt Mail hasta la 1.16 incluida contienen una vulnerabilidad de desbordamiento de b\u00fafer en la pila de sus controles ActiveX ANSMTP.dll y AOSMTP.dll, espec\u00edficamente en el m\u00e9todo AddAttachments(). Este m\u00e9todo no valida correctamente la longitud de las cadenas de entrada, lo que permite que los datos excedan los l\u00edmites de un b\u00fafer de pila de tama\u00f1o fijo. Al invocarse con una cadena demasiado larga, el control puede corromper las estructuras de memoria adyacentes, incluyendo los manejadores de excepciones, lo que puede provocar una interrupci\u00f3n del flujo de control."}], "lastModified": "2025-08-22T18:08:51.663", "sourceIdentifier": "disclosure@vulncheck.com"}