Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2005-4080
Last Modified 07 Mar 2011 09:27:39
Published 07 Dec 2005 08:03:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-4080

Summary

Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.

Vulnerable Systems

Application

  • Horde Imp 2.0
  • Horde Imp 2.2
  • Horde Imp 2.2.1
  • Horde Imp 2.2.2
  • Horde Imp 2.2.3
  • Horde Imp 2.2.4
  • Horde Imp 2.2.5
  • Horde Imp 2.2.6
  • Horde Imp 2.2.7
  • Horde Imp 2.2.8
  • Horde Imp 2.3
  • Horde Imp 3.0
  • Horde Imp 3.1
  • Horde Imp 3.1.2
  • Horde Imp 3.2
  • Horde Imp 3.2.1
  • Horde Imp 3.2.2
  • Horde Imp 3.2.3
  • Horde Imp 3.2.4
  • Horde Imp 3.2.5
  • Horde Imp 4.0
  • Horde Imp 4.0.1
  • Horde Imp 4.0.2
  • Horde Imp 4.0.3
  • Horde Imp 4.0.4


References

XF - imp-email-attachment-xss(23465)

VUPEN - ADV-2005-2773

BID - 15730

BUGTRAQ - 20051206 Horde IMP Webmail Client XSS all versions

SECTRACK - 1015315

SREASON - 232

SECUNIA - 17910


Last Updated: 27 May 2016 10:41:11