CVE-2007-0617

Name of the Vulnerable Software and Affected Versions Earthlink TotalAccess (affected versions not specified)

Description The issue concerns the SpamBlocker.dll ActiveX control, which is marked as "safe for scripting". This marking allows remote attackers to execute malicious actions, specifically adding arbitrary e-mail addresses and domains to the spam blocker whitelist. The attackers can achieve this by utilizing the AddSenderToWhitelist and AddDomainToWhitelist functions.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.