EasyMail SMTP Object ActiveX Control Multiple Buffer Overflows "EasyMail Objects, a set of COM objects for supporting email protocols, is installed on the remote Windows host. It may have been bundled with a third-party application, such as Oracle Document Capture, Earthlink internet access software, Borland Caliber RM Client, and FrontRange Heat. The SMTP component of the version of this control installed on the remote host reportedly contains multiple buffer overflows involving the AddAttachment and SubmitToExpress methods that could lead to arbitrary code execution on the affected system. Successful exploitation requires, though, that an attacker trick a user on the affected host into visiting a specially crafted web page." "Either disable its use from within Internet Explorer by setting its kill bit or remove it completely."
This has been run by FrontRange Development. Unfortunately this is not our .dll (supplied by third party) and therefore we don’t have a lot of control over it. The offender, the emsmtp.dll, specifically version 5.0, is what is used by current HEAT releases. An updated DLL can be downloaded for free and with no registration from the QuickSoft site: https://www.quiksoft.com/support/updates/ Looking at the Release Notes (below) for the 220.127.116.11 version of the SMTP product, it looks like the updated DLL may fix this. We have run a test with Call Logging and HMC, and when replacing BOTH the emsmtp.dll and the empop3.dll to the current 18.104.22.168 version from the above link, everything looks to still work properly in HEAT. These DLLs are in the main Program Files/HEAT folder and can simply be replaced with the new ones. It is recommended that copies of the originals are retained. We have not tested the DLLs for all security vulnerabilities, and so make no claims that updating to these DLLs will fix the security issue for certain. We have only smoked tested the email functionality in HEAT with the updated DLLs, and have NOT put the entire product through a full QA cycle with the updated DLLs. QuickSoft Release Notes: Version 22.214.171.124 Release Date: February 15, 2007 Security: Fixed scripting related security issues. Version 126.96.36.199 Release Date: November 27, 2006 Feature: Added AUTH MSN. Set ESMTP_AuthMode property to 8. Version 188.8.131.52 Release Date: November 27, 2006 Feature: You can now add attachments using non-ASCII file names. Feature: Added ConvertHTMLToAlternativeText method that allows you to convert an HTML string to a Plain text string. Feature: Added NTLM Authentication. Set ESMTP_AuthMode property to 8. Version 184.108.40.206 Release Date: March 13, 2006 Fix: Calling ImportBodyTextEx could result in truncation of the HTML body text. Version 220.127.116.11 Release Date: February 9, 2006 Fix: When not using autowrap the message body could be truncated due to changes in prior version. Feature: Code reviewed and additional buffer overrun protection added. Fix: Multi-line response could cause problem with using the SMTP with SSL. Feature: Adding 64 as an option flag will save the message with out any additional x-headers.