CVE-2018-10497

Name of the Vulnerable Software and Affected Versions: Samsung Email versions prior to 5.0.02.16

Description: This issue allows local attackers to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the handling of EML files, resulting from the lack of proper validation of user-supplied data, which can allow arbitrary JavaScript to execute. This can allow an attacker to escalate privileges to resources normally protected from the application.

Recommendations: For versions prior to 5.0.02.16, update to version 5.0.02.16 to resolve the issue. As a temporary workaround, consider restricting the handling of EML files until the update is applied. Avoid using the vulnerable EML file parsing functionality in Samsung Email until the issue is resolved.