PT-2003-1389 · Ximian · Ximian Evolution Mail User Agent

Published: 2003-03-21 · Updated: 2017-10-11 · CVE-2003-0130

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Ximian Evolution Mail User Agent versions 1.2.2 and earlier

Description: The issue concerns the handle image function in mail-format.c, which fails to properly escape HTML characters. This allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.

Recommendations: For versions 1.2.2 and earlier, update to a version that properly escapes HTML characters in the handle image function to prevent arbitrary data and HTML injection.
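
An added illustration of the recommended fix, not code from Evolution or from this advisory: a C sketch that HTML-escapes a Content-ID value before placing it in an image tag, next to the unescaped behaviour for comparison. The function names html_escape and render_image_tag, the cid: form of the tag, and the sample Content-ID value are assumptions constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape the five HTML-significant characters; the caller frees the result. */
char *html_escape(const char *in)
{
    size_t n = strlen(in);
    char *out = malloc(n * 6 + 1);   /* worst case: every byte becomes "&quot;" */
    char *p = out;
    if (!out) return NULL;
    for (; *in; in++) {
        const char *rep = NULL;
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        if (rep) { size_t l = strlen(rep); memcpy(p, rep, l); p += l; }
        else *p++ = *in;
    }
    *p = '\0';
    return out;
}

/* Build an image tag from a Content-ID; escape=0 shows the unescaped behaviour. */
int render_image_tag(char *buf, size_t len, const char *cid, int escape)
{
    char *safe = escape ? html_escape(cid) : NULL;
    int n;
    if (escape && !safe) return -1;
    n = snprintf(buf, len, "<img src=\"cid:%s\">", escape ? safe : cid);
    free(safe);
    return (n < 0 || (size_t)n >= len) ? -1 : n;   /* -1 on truncation */
}

int main(void)
{
    /* Constructed Content-ID value containing HTML metacharacters. */
    const char *cid = "part1\"><b>injected</b>@example";
    char buf[256];
    render_image_tag(buf, sizeof buf, cid, 0);
    printf("unescaped: %s\n", buf);
    render_image_tag(buf, sizeof buf, cid, 1);
    printf("escaped:   %s\n", buf);
    return 0;
}
```

With escaping enabled, the quote and angle brackets in the header value stay inside the attribute as entities instead of closing it and starting new markup.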

Related Identifiers

CVE-2003-0130

Affected Products

Ximian Evolution Mail User Agent