PT-2018-9919 · Samsung · Samsung Email

Published: 2018-06-07 · Updated: 2019-10-09 · CVE-2018-10498

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Samsung Email versions prior to 5.0.02.16
Description: This issue allows local attackers to disclose sensitive information by exploiting a flaw in the handling of file:/// URIs. The problem stems from the lack of proper validation of user-supplied data, enabling the reading of arbitrary files. An attacker must first obtain the ability to execute low-privileged code on the target system. This issue can be leveraged in conjunction with other vulnerabilities to escalate privileges.
Recommendations: For versions prior to 5.0.02.16, update to version 5.0.02.16 to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2018-10498
ZDI-18-557

Affected Products

Samsung Email