This Metasploit module exploits a stack overflow in Oracle Document Capture 10g (10.1.3.5.0). Oracle Document Capture 10g comes bundled with a third party ActiveX control emsmtp.dll (6.0.1.0). When passing a overly long string to the method "SubmitToExpress" an attacker may be able to execute arbitrary code.
3681ea82f4e84abfe0cbea6f00e7b797da8c9e22f7fa045d832eda5a5371bd10