cbcvebase.
CVE-2012-10043
published 2025-08-08

CVE-2012-10043: A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client…

PriorityP352critical9.3CVSS 4.0
AVLACLATNPRNUIAVCHVIHVAHSCHSIHSAHEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
EXPLOIT
EPSS
0.33%
24.4th percentile
A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp files, leading to unsafe usage of strcpy() during CSV parsing. An attacker can exploit this vulnerability by crafting a malicious .exp file and importing it using the default character set "ECMA-94 / Latin 1 (ISO 8859)". Successful exploitation may result in arbitrary code execution, leading to full system compromise. User interaction is required to trigger the vulnerability.

Affected

1 ranges
VendorProductVersion rangeFixed in
actfaxserver

Detection & IOCsextracted from sources · hover to see the quote

filename.exp
versionActFax Server 4.32
  • Monitor for import of .exp files into ActFax Server via the 'Import Users from File' function, especially with character set 'ECMA-94 / Latin 1 (ISO 8859)'
  • Look for abnormally long tab-delimited fields in .exp (CSV-formatted) files processed by ActFax, indicative of a stack-based buffer overflow attempt via unsafe strcpy()
  • On Windows XP, if ActFax runs as a service, successful exploitation results in SYSTEM-level code execution — alert on unexpected child processes spawned from the ActFax service process
  • ·Exploitation requires user interaction — a victim must manually trigger the 'Import Users from File' action within the ActFax client interface
  • ·The exploit has only been confirmed on Windows XP SP3 and Windows 7 SP1 with ActFax Server 4.32; behavior on other platforms is untested
  • ·The malicious .exp file must be imported specifically using the default character set 'ECMA-94 / Latin 1 (ISO 8859)' for the overflow to trigger correctly
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.