Directory traversal vulnerability in CREAR AL-Mail32 prior to 1.13d allows remote malicious users to write to arbitrary files via a crafted filename of an attachment.
almail al-mail32