CNNVD-202508-773 Information
CNNVD ID
CNNVD-202508-773
Related CVE
- CNNVD Published: 2025-08-08
Description (Chinese)
ActFax Server是奥地利ActFax公司的一款传真服务器软件。 ActFax Server 4.32版本存在安全漏洞,该漏洞源于导入用户功能中未验证.exp文件字段长度,可能导致栈缓冲区溢出和任意代码执行。
Description (English)
ActFax Server is a fax server software for ActFax, Austria. There is a security loophole in the version of ActFax Server 4.32, which stems from the unverified length of the .exp file field in the imported user function, which could lead to a spill over the fence and any code execution.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
ActFax
Published
2025-08-08
Last Modified
2026-02-24
References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/actfax_import_users_bof.rb http://www.pwnag3.com/2012/08/actfax-local-privilege-escalation.html https://web.archive.org/web/20130712072809/ https://www.actfax.com/ https://www.exploit-db.com/exploits/20915 https://www.vulncheck.com/advisories/actfax-client-importer-buffer-overflow https://access.redhat.com/security/cve/cve-2012-10043
Patch
https://www.actfax.com/en/download.html
Share on: