The Quiksoft EasyMail SMTP ActiveX control contains multiple stack buffer overflow vulnerabilities, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Quiksoft EasyMail Objects is a set of ActiveX controls that provides email functionality, including SMTP, POP3, and IMAP4. The EasyMail SMTP ActiveX control, which is provided by emsmtp.dll, contains multiple stack buffer overflow vulnerabilities.
This control is bundled with several applications, including Earthlink internet access software. Exploit code for this vulnerability is publicly available.
A remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system with privileges of the user.
We are currently unaware of a practical solution to this problem. Please consider the following workarounds
This vulnerability was reported by Will Dormann of the CERT/CC. The vulnerability was also independently discovered and publicly disclosed by rgod.
This document was written by Will Dormann.
|Date First Published:||2007-08-29|
|Date Last Updated:||2007-08-30 20:08 UTC|