module
ActFax 5.01 RAW Server Buffer Overflow
| Disclosed | Created |
|---|---|
| 2013-02-05 | 2018-05-30 |
Disclosed
2013-02-05
Created
2018-05-30
Description
This module exploits a vulnerability in ActFax Server 5.01 RAW server. The RAW
Server can be used to transfer fax messages without any underlying protocols. To
note significant fields in the fax being transferred, like the fax number or the
recipient, ActFax data fields can be used. This module exploits a buffer overflow
in the handling of the @F506 fields due to the insecure usage of strcpy. This
module has been tested successfully on ActFax 5.01 over Windows XP SP3 (English).
Server can be used to transfer fax messages without any underlying protocols. To
note significant fields in the fax being transferred, like the fax number or the
recipient, ActFax data fields can be used. This module exploits a buffer overflow
in the handling of the @F506 fields due to the insecure usage of strcpy. This
module has been tested successfully on ActFax 5.01 over Windows XP SP3 (English).
Authors
Craig Freyman
corelanc0d3r
juan vazquez juan.vazquez@metasploit.com
corelanc0d3r
juan vazquez juan.vazquez@metasploit.com
Platform
Windows
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.