CVE-2013-10064

05.08.2025, 20:15

A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's RAW protocol interface fails to safely process user-supplied data in @F506 fax header fields due to insecure usage of strcpy. Remote attackers can exploit this vulnerability by sending specially crafted @F506 fields, potentially leading to arbitrary code execution. Successful exploitation requires network access to TCP port 4559 and does not require authentication.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
VulnCheck	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-121 - Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

References

http://www.actfax.com/

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/actfax_raw_server_bof.rb

https://web.archive.org/web/20130212065755/http://www.pwnag3.com/2013/02/actfax-raw-server-exploit.html

https://www.exploit-db.com/exploits/24467

https://www.vulncheck.com/advisories/actfax-raw-server-buffer-overflow