Critical severityNVD Advisory· Published Aug 5, 2025· Updated Apr 15, 2026

CVE-2013-10064

Description

A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's RAW protocol interface fails to safely process user-supplied data in @F506 fax header fields due to insecure usage of strcpy. Remote attackers can exploit this vulnerability by sending specially crafted @F506 fields, potentially leading to arbitrary code execution. Successful exploitation requires network access to TCP port 4559 and does not require authentication.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.actfax.comnvd
raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/actfax_raw_server_bof.rbnvd
web.archive.org/web/20130212065755/http://www.pwnag3.com/2013/02/actfax-raw-server-exploit.htmlnvd
www.exploit-db.com/exploits/24467nvd
www.vulncheck.com/advisories/actfax-raw-server-buffer-overflownvd

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.051
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000