CVE-2012-10043

UNKNOWN 0.0

ActFax 4.32 Client Importer Buffer Overflow

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp files, leading to unsafe usage of strcpy() during CSV parsing. An attacker can exploit this vulnerability by crafting a malicious .exp file and importing it using the default character set "ECMA-94 / Latin 1 (ISO 8859)". Successful exploitation may result in arbitrary code execution, leading to full system compromise. User interaction is required to trigger the vulnerability.

CWE	CWE-121
Vendor	actfax
Product	server
Published	Aug 8, 2025
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for actfax server

Be the first to know when new unknown vulnerabilities affecting actfax server are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

ActFax / Server

4.32

References

NVD ↗ CVE.org ↗ EPSS Data ↗

raw.githubusercontent.com: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/actfax_import_users_bof.rb exploit-db.com: https://www.exploit-db.com/exploits/20915 web.archive.org: https://web.archive.org/web/20130712072809/http://www.pwnag3.com/2012/08/actfax-local-privilege-escalation.html actfax.com: https://www.actfax.com/ vulncheck.com: https://www.vulncheck.com/advisories/actfax-client-importer-buffer-overflow

Credits

Craig Freyman