2019-07-18

[#24] IE & Webmail Vulnerability
Summary IE & Webmail Vulnerability
Queue IMP
Queue Version 3.2.3
Type Bug
State Resolved
Priority 1. Low
Owners
Requester ng.owner (at) thenetgamer (dot) com
Created 2004-03-23 (5595 days ago)
Due
Updated 2004-03-23 (5595 days ago)
Assigned
Resolved 2004-03-23 (5595 days ago)
Milestone
Patch No

History
2004-03-23 16:46:01 Jan Schneider Comment #4
State ⇒ Resolved
We tested on the current RELENG_3 and HEAD branches and IMP was 
filtering out this code correctly. That means that IMP 3.2.3 is safe 
too, as safe as active filtering can be.
2004-03-23 15:29:33 ng (dot) owner (at) thenetgamer (dot) com Comment #3
Suggested priority: 3. High

I've changed the priority due to what could be done if IMP is 
vulnerable. The list includes:

Theft of login and password.
Content disclosure of any email in the mailbox.
Automatically send emails from the mailbox.
Exploitation of known vulnerabilities in the browser to access the user's file system and eventually take over the machine.
Distribution of a web-based email worm.
Disclosure of all contacts within the address book.

2004-03-23 15:28:32 ng (dot) owner (at) thenetgamer (dot) com Comment #2
I just realized that the version we are using is IMP 3.2.2.



Brian
2004-03-23 15:25:28 ng (dot) owner (at) thenetgamer (dot) com Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Is IMP vulnerable to this exploit: Remotely Exploitable Cross-Site Scripting



More information is available here: 
http://www.greymagic.com/security/advisories/gm005-mc/



Brian Loftus
