cbcvebase.
CVE-2010-20119
published 2025-08-21

CVE-2010-20119: CommuniCrypt Mail versions up to and including 1.16 contains a stack-based buffer overflow vulnerability in its ANSMTP.dll and AOSMTP.dll ActiveX controls…

PriorityP259high8.6CVSS 4.0
AVNACLATNPRNUIAVCHVIHVAHSCNSINSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
1.05%
60.1th percentile
CommuniCrypt Mail versions up to and including 1.16 contains a stack-based buffer overflow vulnerability in its ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments() method. This method fails to properly validate the length of input strings, allowing data to exceed the bounds of a fixed-size stack buffer. When invoked with an overly long string, the control can corrupt adjacent memory structures, including exception handlers, leading to potential control flow disruption.

Affected

1 ranges
VendorProductVersion rangeFixed in
communicrypt_softwarecommunicrypt_mail<= 1.16

Detection & IOCsextracted from sources · hover to see the quote

filenameANSMTP.dll
filenameAOSMTP.dll
commandAddAttachments()
  • Monitor for browser processes instantiating ANSMTP.dll or AOSMTP.dll ActiveX controls, which are the vulnerable components exploited in this CVE.
  • Detect calls to the AddAttachments() method on the affected ActiveX controls with abnormally long string arguments, which is the specific attack vector for this vulnerability.
  • Look for stack-based buffer overflow indicators such as corruption of exception handler records (SEH chain overwrite) following invocation of AddAttachments() in the context of ANSMTP.dll or AOSMTP.dll.
  • ·The vulnerability affects CommuniCrypt Mail versions up to and including 1.16 only; later versions are not confirmed affected.
  • ·Both ANSMTP.dll and AOSMTP.dll are independently vulnerable; detection and remediation must cover both ActiveX controls.
  • ·This is a browser-delivered exploit (drive-by), meaning exploitation occurs via a web browser instantiating the ActiveX control, not through direct host-based execution.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.