Buffer overflow in CREAR AL-Mail32 prior to 1.13d allows remote malicious users to execute arbitrary code via a long filename of an attachment.
crear.ne.jp al-mail32