EasyMail IMAP4 ActiveX Control LicenseKey buffer overflow

2009-11-16T00:00:00
ID SAINT:8DC5126C611702BD6053BDC7744A7B34
Type saint
Reporter SAINT Corporation
Modified 2009-11-16T00:00:00

Description

Added: 11/16/2009
OSVDB: 59938

Background

QuikSoft EasyMail Objects is a set of ActiveX controls that provide e-mail functionality. It is included with Oracle Document Capture, among other products.

Problem

A buffer overflow vulnerability in the EasyMail IMAP4 ActiveX control, **emimap4.dll**, allows command execution when a user opens a web page which invokes this control with a specially crafted **LicenseKey** property.

Resolution

Upgrade to EasyMail Objects 6.5 or higher, or set the kill bit for class ID 0CEA3FB1-7F88-4803-AA8E-AD021566955D as described in Microsoft Knowledge Base Article 240797.
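
One way to apply and verify the kill bit mitigation named above, as an added example that is not part of the SAINT advisory. It assumes the standard kill bit location from KB 240797 (the `Compatibility Flags` DWORD with value 0x400 under `ActiveX Compatibility`) and also covers the 32-bit registry view on 64-bit Windows; the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: set and verify the kill bit for the EasyMail IMAP4 control.
# The CLSID comes from the advisory; function names are illustrative.

$Clsid   = '{0CEA3FB1-7F88-4803-AA8E-AD021566955D}'
$KillBit = 0x400   # kill bit flag value described in KB 240797

# Native registry view plus the 32-bit view read by 32-bit Internet Explorer on x64.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Test-KillBit {
    param([string]$KeyPath)
    $item = Get-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $false }
    return (($item.'Compatibility Flags' -band $KillBit) -eq $KillBit)
}

function Set-KillBit {
    param([string]$KeyPath)
    if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
    $current = 0
    $item = Get-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if ($null -ne $item) { $current = [int]$item.'Compatibility Flags' }
    # OR the flag in so any existing compatibility flags are preserved.
    Set-ItemProperty -Path $KeyPath -Name 'Compatibility Flags' `
        -Value ($current -bor $KillBit) -Type DWord
}

foreach ($root in $Roots) {
    if (-not (Test-Path $root)) { continue }   # no WOW6432Node on 32-bit Windows
    $key = Join-Path $root $Clsid
    if (-not (Test-KillBit $key)) { Set-KillBit $key }
    '{0} kill bit set: {1}' -f $key, (Test-KillBit $key)
}
```

The kill bit only stops Internet Explorer from instantiating the control; the vulnerable **emimap4.dll** stays on disk until EasyMail Objects is upgraded.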

References

<http://secunia.com/advisories/37269/>
<http://secunia.com/advisories/24199/>

Limitations

The exploit works on Oracle Document Capture 10.1.3.5.0 and requires a user to open the exploit page in Internet Explorer 6 or 7.

Platforms

Windows