Hastymail Attachment Content-Disposition Header XSS

2004-08-24T05:45:10
ID OSVDB:9131
Type osvdb
Reporter Jason Munro(jason@stdbev.com)
Modified 2004-08-24T05:45:10

Description

Vulnerability Description

Hastymail contains a flaw that allows a remote cross site scripting attack. The flaw exists because email attachments are not properly defined in the Content-Disposition HTTP header, which will allow Internet Explorer to open it inline. This could allow a user to inject Javascript or activeX code in the attachement that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 1.0.2, 1.2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the patch provided by the vendor for versions 1.0.1 and 1.1.

Short Description

Hastymail contains a flaw that allows a remote cross site scripting attack. The flaw exists because email attachments are not properly defined in the Content-Disposition HTTP header, which will allow Internet Explorer to open it inline. This could allow a user to inject Javascript or activeX code in the attachement that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

Vendor Specific News/Changelog Entry: http://hastymail.sourceforge.net/security.php Security Tracker: 1011054 Secunia Advisory ID:12358 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0322.html ISS X-Force ID: 17091 CVE-2004-2704 Bugtraq ID: 11022