Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1948

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2006-1948
Last Modified 05 Sep 2008 05:03:16
Published 20 Apr 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1948

Summary

The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient.

Vulnerable Systems

Application

  • Ibm Lotus Notes 6.0

  • Ibm Lotus Notes 6.5


References

CONFIRM - http://www-1.ibm.com/support/docview.wss?rs=475&uid=swg21232945

SECTRACK - 1015914


Last Updated: 27 May 2016 10:42:16