[#24] IE & Webmail Vulnerability
Summary IE & Webmail Vulnerability
Queue IMP
Queue Version 3.2.3
Type Bug
State Resolved
Priority 1. Low
Requester ng.owner (at) thenetgamer (dot) com
Created 2004-03-23 (5983 days ago)
Updated 2004-03-23 (5983 days ago)
Resolved 2004-03-23 (5983 days ago)
Patch No

2004-03-23 16:46:01 Jan Schneider Comment #4
State ⇒ Resolved
Reply to this comment
We tested on the current RELENG_3 and HEAD branches and IMP was 
filtering out this code correctly. That means that IMP 3.2.3 is safe 
too, as safe as active filtering can be.
2004-03-23 15:29:33 ng (dot) owner (at) thenetgamer (dot) com Comment #3 Reply to this comment
Suggested priority: 3. High

I've changed the priority due to what could be done if IMP is 
vulnerable. The list includes:

Theft of login and password.

Content disclosure of any email in the mailbox.

Automatically send emails from the mailbox.

Exploitation of known vulnerabilities in the browser to access the 
user's file system and eventually take over the machine.

Distribution of a web-based email worm.

Disclosure of all contacts within the address book.

2004-03-23 15:28:32 ng (dot) owner (at) thenetgamer (dot) com Comment #2 Reply to this comment
I just realized that the verison we are using IMP 3.2.2.

2004-03-23 15:25:28 ng (dot) owner (at) thenetgamer (dot) com Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Reply to this comment
Is IMP vulnerable to this exploit: Remotely Exploitable Cross-Site Scripting

More information is available here: 

Brian Loftus

Saved Queries