9.3

CVE-2013-10064

Exploit

ActFax 5.01 RAW Server Buffer Overflow

A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's RAW protocol interface fails to safely process user-supplied data in @F506 fax header fields due to insecure usage of strcpy. Remote attackers can exploit this vulnerability by sending specially crafted @F506 fields, potentially leading to arbitrary code execution. Successful exploitation requires network access to TCP port 4559 and does not require authentication.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Vendor ActFax Communication
Produkt ActFax Server
Default Status unknown
Version 5.01
Status affected
No warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 1.3% 0.667
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
disclosure@vulncheck.com 9.3 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

http://www.actfax.com/
https://web.archive.org/web/20130212065755/http://www.pwnag3.com/2013/02/actfax-raw-server-exploit.html
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/actfax_raw_server_bof.rb
https://www.exploit-db.com/exploits/24467
https://www.vulncheck.com/advisories/actfax-raw-server-buffer-overflow