What is CVE-2010-20119?

CVE-2010-20119 is a vulnerability in Communicrypt Software Mail, classified under Stack-based Buffer Overflow. Published 2025-08-21.

Is CVE-2010-20119 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Communicrypt Software Mail

CVE-2010-20119

CommuniCrypt Mail versions up to and including 1.16 contains a stack-based buffer overflow vulnerability in its ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments() method. This method fails to properly va…

Vulnerability class: Buffer Overflow

EPSS: 0.523 (98.0th percentile) — read the EPSS interpretation.

Affected products

Communicrypt Software Mail — versions 0

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/w… (exploit)
www.exploit-db.com/exploits/12663 (exploit)
www.broadcom.com/support/security-center/attacksignatures/detail (third-party-advisory)
softwarelode.com/4185/details-communicrypt-mail.html (product)
www.fortiguard.com/encyclopedia/ips/23099 (third-party-advisory)
www.vulncheck.com/advisories/communicrypt-mail-activex-control-buffer-overflow (third-party-advisory)

Frequently asked questions

What is CVE-2010-20119?: CVE-2010-20119 is a vulnerability in Communicrypt Software Mail, classified under Stack-based Buffer Overflow. Published 2025-08-21.
Is CVE-2010-20119 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.