CVE-2004-2586

Name of the Vulnerable Software and Affected Versions SmarterMail versions 1.6.1511 through 1.6.1529

Description The issue allows remote attackers to read arbitrary files due to a directory traversal vulnerability in the frmGetAttachment.aspx file. This is achieved via the filename parameter.

Recommendations For versions 1.6.1511 through 1.6.1529, consider restricting access to the frmGetAttachment.aspx file until a patch is available. As a temporary workaround, avoid using the filename parameter in the affected file to minimize the risk of exploitation.