ActFax is a Windows-based software package that sends, receives and electronically stores faxes.
The ActFax RAW server is vulnerable to a boundary error when processing the
**@F000** data field, which could result in stack-based buffer overflow. A remote attacker who sends a specially crafted command to server could exploit this vulnerability to execute arbitrary code within the context of the affected application.
Contact the vendor for a patch.
This exploit was tested against ActFax Server 5.01 on Microsoft Windows Server 2003 SP2 English (DEP OptOut) with KB956802 and KB2644615.
ActFax is only vulnerable to this exploit in certain non-default configurations.