PT-2011-1234 · Php · Php

Published 2011-01-18 · Updated 2018-10-30 · CVE-2010-4699

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHP versions prior to 5.3.4

Description

The issue is in the iconv_mime_decode_headers function of the Iconv extension, which does not properly handle unrecognized encodings. Remote attackers can exploit this to trigger an incomplete output array, potentially bypassing spam detection or having other unspecified impacts. The attack can be carried out via a crafted Subject header in an e-mail message.

Recommendations

For versions prior to 5.3.4, update to version 5.3.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the iconv_mime_decode_headers function until a patch is available. Avoid using unrecognized encodings in the Subject header of e-mail messages to minimize the risk of exploitation.
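
One way to catch the incomplete output array described above before a filter relies on it, shown as an added example (not code from PHP or from this advisory). The helper names `raw_header_names` and `decode_headers_checked` are hypothetical, and the sample message and its charset label are constructed.

```php
<?php
// Added example: helper names are hypothetical, the sample message is constructed.

// Field names present in a raw header block (folded continuation lines skipped).
function raw_header_names(string $raw): array
{
    $names = [];
    foreach (preg_split('/\r?\n/', $raw) as $line) {
        if ($line === '') {
            break;                       // blank line ends the header block
        }
        if ($line[0] === ' ' || $line[0] === "\t") {
            continue;                    // continuation of the previous field
        }
        if (preg_match('/^([!-9;-~]+)[ \t]*:/', $line, $m)) {
            $names[strtolower($m[1])] = true;
        }
    }
    return array_keys($names);
}

// Decode, then fail closed if any field from the input is absent from the output.
function decode_headers_checked(string $raw, string $charset = 'UTF-8'): array
{
    $decoded = @iconv_mime_decode_headers($raw, 0, $charset);
    if (!is_array($decoded)) {
        throw new UnexpectedValueException('header block could not be decoded');
    }
    $got = array_map('strtolower', array_keys($decoded));
    $missing = array_diff(raw_header_names($raw), $got);
    if ($missing !== []) {
        throw new UnexpectedValueException(
            'decoded headers incomplete, missing: ' . implode(', ', $missing)
        );
    }
    return $decoded;
}

// Constructed message: the Subject names a charset no converter will recognise.
$raw = "From: sender@example.test\r\n"
     . "Subject: =?x-constructed-unknown?B?aGVsbG8=?=\r\n"
     . "To: rcpt@example.test\r\n\r\n";
try {
    $headers = decode_headers_checked($raw);
    echo "decoded ", count($headers), " header fields\n";
} catch (UnexpectedValueException $e) {
    // Treat as undecodable: quarantine or score it, never pass it on as clean.
    echo "rejecting message: ", $e->getMessage(), "\n";
}
```

The check does not depend on how a given PHP build reports the failure: a `false` return and a shortened array both end in the same fail-closed path.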

Fix


Weakness Enumeration

Related Identifiers

BDU:2022-02605
CVE-2010-4699

Affected Products

Php