This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Ericom AccessNow Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the way AccessServer32.exe handles requests for non-existent files. AccessServer32.exe performs insufficient bounds checking on user-supplied data which results in stack corruption. An attacker can exploit this condition to achieve remote code execution as SYSTEM.