PT-2001-2323 · Unknown · Mailto.Exe

Published

2001-12-11

Updated

2008-09-05

CVE-2001-1188

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions mailto.exe version 1.0.9 and earlier

Description The issue allows remote attackers to send spam email through remote servers by modifying certain hidden form fields, including sendto, email, server, subject, and resulturl.

Recommendations For mailto.exe version 1.0.9 and earlier, consider disabling the mailto.exe functionality until a patch is available to prevent spam email sending. Restrict access to the hidden form fields to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-1188

Affected Products

Mailto.Exe

PT-2001-2323 · Unknown · Mailto.Exe

CVE-2001-1188

Related Identifiers

Affected Products

References · 4