High severityNVD Advisory· Published Aug 21, 2025· Updated Apr 15, 2026
CVE-2010-20119
CVE-2010-20119
Description
CommuniCrypt Mail versions up to and including 1.16 contains a stack-based buffer overflow vulnerability in its ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments() method. This method fails to properly validate the length of input strings, allowing data to exceed the bounds of a fixed-size stack buffer. When invoked with an overly long string, the control can corrupt adjacent memory structures, including exception handlers, leading to potential control flow disruption.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/browser/communicrypt_mail_activex.rbnvd
- softwarelode.com/4185/details-communicrypt-mail.htmlnvd
- www.broadcom.com/support/security-center/attacksignatures/detailnvd
- www.exploit-db.com/exploits/12663nvd
- www.fortiguard.com/encyclopedia/ips/23099nvd
- www.vulncheck.com/advisories/communicrypt-mail-activex-control-buffer-overflownvd
News mentions
0No linked articles in our index yet.