CVE-2013-10064

CRITICAL

ActFax Server <5.01 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-10064. PoCs published by Craig Freyman, Craig Freyman, corelanc0d3r, juan vazquez, including Metasploit module exploits/windows/misc/actfax_raw_server_bof.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in ActFax Server 5.01 RAW server via malformed data fields (@F506, @F605, @F000). It uses a staged payload with alphanumeric encoding and a custom getPC routine to achieve remote code execution.

Description

A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's RAW protocol interface fails to safely process user-supplied data in @F506 fax header fields due to insecure usage of strcpy. Remote attackers can exploit this vulnerability by sending specially crafted @F506 fields, potentially leading to arbitrary code execution. Successful exploitation requires network access to TCP port 4559 and does not require authentication.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Craig Freyman · rubyremotewindows

https://www.exploit-db.com/exploits/24467

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in ActFax Server 5.01 RAW server via malformed data fields (@F506, @F605, @F000). It uses a staged payload with alphanumeric encoding and a custom getPC routine to achieve remote code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ActFax Server 5.01

No auth needed

Prerequisites: Network access to ActFax RAW server (port 0) · ActFax Server 5.01 with RAW server enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC NORMAL

by Craig Freyman, corelanc0d3r, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/actfax_raw_server_bof.rb

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow vulnerability in ActFax 5.01 RAW Server by sending a maliciously crafted @F506 field, leading to remote code execution. The exploit leverages a strcpy-based overflow and includes a custom payload with specific bad character avoidance and encoder options.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: ActFax Server 5.01

No auth needed

Prerequisites: Network access to the ActFax RAW Server · ActFax 5.01 running on a vulnerable system (e.g., Windows XP SP3)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Core References

Various Sources product

http://www.actfax.com/

Various Sources technical-description exploit

https://web.archive.org/web/20130212065755/http://www.pwnag3.com/2013/02/actfax-raw-server-exploit.html

Various Sources exploit

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/misc/actfax_raw_server_bof.rb

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/24467

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/actfax-raw-server-buffer-overflow

Scores

CVSS v4 9.3

EPSS 0.0130

EPSS Percentile 66.7%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-121

Status published

Products (1)

ActFax Communication/ActFax Server 5.01

Published Aug 05, 2025

Tracked Since Feb 18, 2026