History: Nov 21, 2005 - 12:00 a.m.

KLA10399 Multiple vulnerabilities in Winmail

2005-11-21 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 5 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score: 6.5 Medium (Confidence: Low)

EPSS: 0.185 Low (Percentile: 96.3%)

Multiple serious vulnerabilities have been found in Winmail Server. Malicious users can exploit these vulnerabilities to inject scripts or overwrite local files. Below is a complete list of vulnerabilities:

  1. A directory traversal can be exploited remotely via a side parameter;
  2. An XSS vulnerability can be exploited remotely via a retid parameter or specially designed e-mail messages.

Original advisories

Related products

Winmail-Server

CVE list

CVE-2005-3811 critical

CVE-2005-3692 warning

Solution

Update to the latest version.

Impacts

  • CI: Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.

  • WLF: Write Local Files. Exploitation of vulnerabilities with this impact can lead to writing into files that are otherwise inaccessible. Which files can be read depends on the specific program errors.

Affected Products

  • AMAX Magic Winmail Server versions 4.2 and earlier
