PT-2015-4935 · Al · Al-Mail32
Yosuka Hasegawa
·
Published
2015-02-20
·
Updated
2015-02-20
·
CVE-2015-0879
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
AL-Mail32 versions prior to 1.13d
Description
The issue allows remote attackers to cause a denial of service, resulting in an application crash. This can be achieved by including specific device names in the filename of an attachment, such as
CON, AUX, or NUL.Recommendations
For versions prior to 1.13d, update to version 1.13d or later to resolve the issue. As a temporary workaround, consider restricting the types of filenames that can be used for attachments to prevent the inclusion of device names like
CON, AUX, or NUL.Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Al-Mail32