A vulnerability has been reported in B21Soft's BASP21, which can be exploited by malicious people to send out unsolicited mail.
Input passed to certain functions within BSMTP.DLL is not properly sanitised before being used to construct and send SMTP messages. This can be exploited to e.g. send unsolicited mail to multiple users by injecting arbitrary mail headers via CRLF sequences.
The vulnerability is reported in BASP21 2003.0211 edition and BASP21 Pro versions 1.0.702.27 and prior. Other versions and applications that use BASP21 may also be affected.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org