PT-2005-3723 · Rediff · Rediff Bol
Published: 2005-09-08 · Updated: 2024-02-14
CVE-2005-2858
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Rediff Bol version 7.0
Description
The issue allows remote attackers to read the Windows Address Book. This is achieved via the FullAddressBook method of the Fetch.FetchContact.1 ActiveX control, which is part of the Fetch.dll component.
Recommendations
For Rediff Bol version 7.0, consider disabling the Fetch.FetchContact.1 ActiveX control to prevent exploitation until a patch is available. Restrict access to the FullAddressBook method to minimize the risk of unauthorized address book access.
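One way to apply the "disable the control" recommendation, shown as an added example that is not part of the original advisory or vendor guidance. The advisory does not list the control's CLSID, so the script resolves it from the ProgID on the host; setting the Internet Explorer kill bit (Compatibility Flags 0x400) assumes the control is reached through IE or another host that honors it, and the function names are hypothetical.

```powershell
# Added example: set the ActiveX kill bit for the control named in the advisory.
# Run from an elevated PowerShell session on the affected Windows host.
$ProgId = 'Fetch.FetchContact.1'   # ProgID as given in the advisory

function Get-ClsidFromProgId {
    param([Parameter(Mandatory)][string]$ProgId)
    # A registered ProgID stores its CLSID in the default value of <ProgID>\CLSID.
    $key = [Microsoft.Win32.Registry]::ClassesRoot.OpenSubKey("$ProgId\CLSID")
    if ($null -eq $key) { return $null }
    try { return [string]$key.GetValue('') } finally { $key.Close() }
}

function Set-ActiveXKillBit {
    param([Parameter(Mandatory)][string]$Clsid)
    # Refuse anything that is not a well-formed GUID before touching the registry.
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($Clsid, [ref]$guid)) { throw "Not a CLSID: $Clsid" }
    $name = $guid.ToString('B').ToUpper()

    # 32-bit controls on 64-bit Windows are checked under WOW6432Node as well.
    $roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
    if ([Environment]::Is64BitOperatingSystem) {
        $roots += 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    }

    foreach ($root in $roots) {
        $path = Join-Path $root $name
        if (-not (Test-Path -LiteralPath $path)) {
            New-Item -Path $path -Force | Out-Null
        }
        # Preserve any existing flags and OR in the kill bit (0x400).
        $existing = Get-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
        $flags = [int]$existing.'Compatibility Flags' -bor 0x400
        New-ItemProperty -LiteralPath $path -Name 'Compatibility Flags' `
            -PropertyType DWord -Value $flags -Force | Out-Null
        Write-Output ('Kill bit set: {0} (flags 0x{1:X})' -f $path, $flags)
    }
}

$clsid = Get-ClsidFromProgId -ProgId $ProgId
if ($clsid) {
    Set-ActiveXKillBit -Clsid $clsid
} else {
    Write-Warning "$ProgId is not registered on this host; nothing to disable."
}
```

The kill bit stops the control from being instantiated by hosts that honor it but leaves Fetch.dll installed, so it complements rather than replaces removing or patching Rediff Bol.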
Affected Products
Fetch.FetchContact.1 ActiveX control
Fetch.dll
Rediff Bol
Windows