Intrusion Prevention

EasyMail.Objects.EMSMTP.DLL.ActiveX.Control.Code.Execution

Description

This indicates an attack attempt against a Buffer Overflow vulnerability in the Quiksoft EasyMail SMTP Object.
The vulnerability is caused by an error in the "EasyMailSMTPObj" ActiveX control, in "emsmtp.dll", when the vulnerable software handles a specially crafted argument to the "SubmitToExpress" method. It allows a remote attacker to execute arbitrary code.

Affected Products

Quiksoft EasyMail Objects 'emsmtp.dll' 6.0.1
PostCast PostCast Server Pro 3.0.61

Impact

System Compromise: Remote attackers can execute arbitrary code on vulnerable systems.

Recommended Actions

Upgrade to the latest versions:
http://www.postcastserver.com/
http://www.quicksoftcorp.com/

CVE References

CVE-2007-4607