JVN#22348866
Active! mail vulnerable to stack-based buffer overflow
Critical
Overview
Active! mail provided by QUALITIA CO., LTD. contains a stack-based buffer overflow vulnerability.
Products Affected
- Active! mail 6 BuildInfo: 6.60.05008561 and earlier
Description
Active! mail provided by QUALITIA CO., LTD. contains a stack-based buffer overflow vulnerability (CWE-121).
The developer states that attacks exploiting the vulnerability has been observed.
Impact
Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition.
Solution
Update the Software
Update the software according to the information provided by the developer.
The developer has released the following version to address this vulnerability.
- Active! mail 6 BuildInfo: 6.60.06008562
Vendor Status
| Vendor | Link |
| QUALITIA CO., LTD. | Important Notice Regarding Vulnerability for Active! mail 6 (Text in Japanese) |
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
| Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
|---|---|---|---|---|
| Attack Complexity(AC) | High (H) | Low (L) | ||
| Privileges Required(PR) | High (H) | Low (L) | None (N) | |
| User Interaction(UI) | Required (R) | None (N) | ||
| Scope(S) | Unchanged (U) | Changed (C) | ||
| Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
| Integrity Impact(I) | None (N) | Low (L) | High (H) | |
| Availability Impact(A) | None (N) | Low (L) | High (H) |
Credit
QUALITIA CO., LTD. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and QUALITIA CO., LTD. coordinated under the Information Security Early Warning Partnership.
Other Information
| JPCERT Alert |
JPCERT-AT-2025-0010 Alert Regarding Stack-based Buffer Overflow Vulnerability in Active! mail (Text in Japanese) |
| JPCERT Reports |
|
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2025-42599 |
| JVN iPedia |
JVNDB-2025-000027 |
Update History
- 2025/04/18
- Information under the section [Vendor Status] and [Other Information] was updated.