QuikSoft EasyMail Objects is a set of ActiveX controls which provide e-mail functionality. QuikSoft EasyMail Objects is included with Oracle Document Capture among other products.
A buffer overflow vulnerability in the EasyMail IMAP4 ActiveX control,
**emimap4.dll**, allows command execution when a user opens a web page which invokes this control with a specially crafted
Upgrade to EasyMail Objects 6.5 or higher, or set the kill bit for class ID 0CEA3FB1-7F88-4803-AA8E-AD021566955D as described in Microsoft Knowledge Base Article 240797.
Exploit works on Oracle Document Capture 10.1.3.5.0 and requires a user to open the exploit page in Internet Explorer 6 or 7.