318 matches found
PDF Malware Using New Attack Technique
A fresh batch of malicious PDFs is making the rounds via email, with the attackers trying to trick users into opening the files by making them look like instructions for an update to their email accounts. The difference this time, however, is that the attack uses a technique recently published by...
CVE-2008-5514
Off-by-one error in the rfc822outputchar function in the RFC822BUFFER routines in the University of Washington UW c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cause a denial of service crash via an e-mail message...
CVE-2008-5005
Multiple stack-based buffer overflows in 1 University of Washington IMAP Toolkit 2002 through 2007c, 2 University of Washington Alpine 2.00 and earlier, and 3 Panda IMAP allow a local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail...
Vista Windows Mail客户端本地文件执行漏洞(MS07-034)
Windows Mail是Windows Vista所捆绑的默认邮件客户端。 Vista Windows Mail在处理邮件中的链接时存在漏洞,远程攻击者可能利用此漏洞在用户机器上执行恶意代码。 如果文件夹中存在相同名称的可执行文件的话,则如果用户点击了邮件中恶意链接的话,Vistas Mail客户端就会执行该可执行文件。假设C:\盘下存在名为blah的文件夹,同时该盘下还存在名为blah.bat的批处理脚本,则如果用户点击了邮件中目标设置为C:\blah的URL的话,就会未经提示执行批处理脚本。 例如,发送包含有以下URL的HTML邮件消息: a...
CVE-2007-2372
CVE-2007-2372 affects phpMyNewsletter 0.8 beta5 and earlier. The admin/send_mod.php path prints a Location header but does not exit when administrative credentials are missing, enabling remote attackers to craft an e-mail via a POST containing subject, message, format, and list_id, then send the ...
Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability. This is related to the handling of certain HTML tags. Attackers could exploit this issue via a malicious web page to execute arbitrary code in the context of the currently logged-in user. They could also use HT...
Mozilla XBM Image Vulnerability
Package: Mozilla Auth: http://www.mozilla.org Vulnerability Type: Remote Denial Of Service Affected Software: Mozilla ver. 1.6 for Windows maybe vulnerable also prior versions Not vulnerable: Mozilla for Linux What's Mozilla: -------------- Mozilla is a suite of internet applications. Users can...
CVE-2004-2301
Eudora before 6.1.1 allows remote attackers to cause a denial of service crash via an e-mail with a long "To:" field, possibly due to a buffer overflow...
[Full-Disclosure] DoS in popclient 3.0b6
DoS in popclient 3.0b6 ---------------------- Release Date: 29th June 2004 Discovery: Dean White [email protected] Research: John Cartwright [email protected] Overview -------- "popclient is a Post Office Protocol compliant mail retrieval client which supports both POP2 as specified in RFC 9...
CVE-2003-0792
Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service crash via a certain email...
CVE-2003-0721
Integer signedness error in rfc2231getparam from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number...
PT-2003-1817 · Washington University · Pine
Name of the Vulnerable Software and Affected Versions: PINE versions prior to 4.58 Description: The issue is related to an integer signedness error in the rfc2231 get param function from strings.c. This error allows remote attackers to execute arbitrary code via an email that causes an...
Microsoft Internet Explorer 6 - ADODB.Stream Object File Installation
Microsoft Internet Explorer 6 - ADODB.Stream Object File Installation source: https://www.securityfocus.com/bid/10514/info Microsoft Internet Explorer is prone to a security weakness that may permit malicious HTML documents to create or overwrite files on a victim file system when interpreted fro...
CVE-2002-1765
Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of service memory consumption and crash via an email with a malformed MIME header...
CVE-2002-0342
Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of service crash via an email message whose body is approximately 55 K long...
CVE-2000-0738
WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . period at the end, which causes WebShield to continuously send itself copies of the e-mail...
Microsoft Outlook 97/98/2000 / Outlook Express 4.0/5.0 - GMT Field Buffer Overflow (1)
source: https://www.securityfocus.com/bid/1481/info All versions of Microsoft Outlook and Outlook Express are vulnerable to buffer overflow attacks where a remote user is capable of executing arbitrary code on an email recipient's system. The problem lies in how Outlook and Outlook Express handle...
Security Update for Windows 2000 (819696)
An identified security issue in Microsoft® DirectX® could allow an attacker to run programs on a computer running Microsoft® Windows® 2000. The attacker would first have to send you an e-mail message or entice you into visiting a malicious Web site. You can help protect your computer by installin...