CVE-2011-3201

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions GNOME Evolution versions prior to 3.2.3

Description The issue allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a "mailto:" URL, which attaches the file to the email. This enables attackers to access files on the user's system by manipulating the attachment parameter in a mailto URL.

Recommendations For versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the attachment parameter in mailto URLs until the update is applied.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CESA-2013_0516

CVE-2011-3201

RHSA-2013:0516

RHSA-2013_0516

Affected Products

Centos

Debian

Gnome Evolution

Red Hat

CVE-2011-3201

Weakness Enumeration

Related Identifiers

Affected Products

References · 26