Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0130

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2003-0130
Last Modified 10 Sep 2008 03:18:01
Published 24 Mar 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-0130

Summary

The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.

Vulnerable Systems

Application

  • Ximian Evolution 1.0.3

  • Ximian Evolution 1.0.4

  • Ximian Evolution 1.0.5

  • Ximian Evolution 1.0.6

  • Ximian Evolution 1.0.7

  • Ximian Evolution 1.0.8

  • Ximian Evolution 1.1.1

  • Ximian Evolution 1.2

  • Ximian Evolution 1.2.1

  • Ximian Evolution 1.2.2


References

BID - 7119

MISC - http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10

BUGTRAQ - 20030321 GLSA: evolution (200303-18)

REDHAT - RHSA-2003:108

BUGTRAQ - 20030319 CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent

MANDRAKE - MDKSA-2003:045

GENTOO - GLSA-200303-18

CONECTIVA - CLA-2003:648


Last Updated: 27 May 2016 10:37:48