mail client
======================
3) Technical details
======================
An unauthenticated remote code execution vulnerability exists in the
way that the Windows Mail Client software
handles specially crafted mail responses. An attempt to exploit the
vulnerability would not require authentication,
allowing an attacker to exploit the vulnerability by sending a
and business collaboration application developed by IBM to work as a
desktop client in conjunction with IBM’s Lotus Domino server application.
The email functionality of Lotus Notes supports previewing and processing
file attachments in various formats. To preview and process files in the
Lotus Worksheet File format (WKS) used by Lotus 1-2-3 the email client
uses a library from a third-party software vendor (Autonomy’s Verity
KeyView SDK). Several buffer overflow vulnerabilities were found in the
third-party library used by Lotus Notes to process Lotus 1-2-3 file
attachments.
#!/usr/bin/env python
###########################################################
#
# Eureka Mail Client Remote Buffer Overflow Exploit XP SP3 English Egghunter Edition
# Coded By: k4mr4n_st@yahoo.com
# Found By: k4mr4n (Securitylab.ir Member)
# Tested On: Windows XPSP3 English
# Note: This script sets up a fake SMTP server
# Note: Set the client to this address and check your mail
#
> iPod/iPhone standard e-mail application does not validate SSL certificates
> and is vulnerable to a MITM (man in the middle attack).
>
> Vulnerable: All versions.
Well... mujmail.org email client also does not validate SSL
certificates -- optionally. Reasoning is that SSL with unverified
certificate is still better than sending plaintext passwords.
Does that count as a vulnerability?
Pavel
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of IBM Lotus Notes Email Client. User
interaction is required to exploit this vulnerability in that the target
must open a malicious email attachment.
The specific flaw exists within the Lotus Notes file viewer utilizing
the KeyView SDK to render a malformed .wk3 document. The application
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of IBM Lotus Notes Email Client. User
interaction is required to exploit this vulnerability in that the target
must open a malicious email attachment.
The specific flaw exists within the Lotus Notes file viewer utilizing
the KeyView SDK to render a malformed Word document. The application
After a standard system upgrade you need to restart Thunderbird to effect
the necessary changes.
Details follow:
USN-469-1 fixed vulnerabilities in the Mozilla Thunderbird email client.
The updated Thunderbird version broke compatibility with the Enigmail
plugin. This update corrects the problem. We apologize for the
inconvenience.
execution of arbitrary code.
Background
==========
Evolution is the mail client of the GNOME desktop environment.
Affected packages
=================
-------------------------------------------------------------------
:Fixed in: --
Description
-----------
We could not find out the definitive description for eOffice in English. This is our own understanding of the application: eOffice is an IMAP email client.
We have discovered a remote code execution vulnerability in eOffice. The attacker could force an unknowing user to execute arbitrary code.
To exploit this bug, an attacker only needs to send a specially-crafted email to his target's address. When the victim clicks on the email, malicious code will run immediately. From there, the attacker might take full control of the machine, or simply cause a Denial of Service.
AOL Instant Messenger ("AIM", http://www.aim.com) is an instant messaging
application that allows its users to communicate in real time via text,
voice, and video over the Internet. It is maintained by AOL LLC. AIM Pro
is AOL's business-oriented version of AIM targeted for professional use
with an emphasis on "business-grade" security and integration with email
client and other productivity applications
(http://aimpro.premiumservices.aol.com/) AIM Lite, as defined in its
website (http://x.aim.com/laim/), is a reference application used to test
new technology also developed by AOL and available for the public in the
form of a "light IM client".
Vendor's actions: Details confidential.
VULNERABILITY DESCRIPTION
Send an email with > 2023 MIME attachments to the victim client. Upon parsing the attachments, the mail client crashes.
Impact: DoS
Type: Remote, by sending a crafted email. Buffer overflow on parsing MIME attachments.
Result: Mail.app crashes upon parsing the attachments, and produces a crash report.
Client leaves email on mail server, so it crashes again on the same mail at next startup.
leading to the execution of arbitrary code.
Background
==========
Evolution is the mail client of the GNOME desktop environment. Camel is
the Evolution Data Server module that handles mail functions.
Affected packages
=================
which may allow user-assisted arbitrary remote code execution.
Background
==========
Mozilla Thunderbird is a popular open-source email client from the
Mozilla project.
Affected packages
=================
Package : icedove
Debian Bug : 671408 671410
The latest security update, DSA-2464-1, for Icedove, Debian's version
of the Mozilla Thunderbird mail client, contained a regression: the
removal of UTF-7 support resulted in incorrect display of IMAP folder
names.
For the stable distribution (squeeze), this problem has been fixed in
version 3.0.11-1+squeeze10.
>
> Exploitable under Windows XP, not exploitable under Vista.
>
> --Wednesday, October 3, 2007, 11:59:45 PM, you wrote to jinc4fareijj@hotmail.com:
>
> GH> is this a mirc bug or a mail client bug?
>
> >> mailto:%xx../../../../../../../../../../../windows/system32/calc.exe".bat
> >>
>
> --
>> security risk, as they said), found by Henry Sudhof - Mozilla Foundation
>> Security Advisory 2010-23
>> (http://www.mozilla.org/security/announce/2010/mfsa2010-23.html) (Image
>> src
>> redirect to mailto: URL opens email editor). Which allow to open email
>> client at user's computer via redirector, which redirecting to mailto:
>> URL.
>> But this vulnerability was fixed only in Firefox 3.5.9, Firefox 3.6.2 and
>> SeaMonkey 2.0.4, but not in Firefox 3.0.x.
>>
>> After I recently read this advisory, I decided to check different
> security risk, as they said), found by Henry Sudhof - Mozilla Foundation
> Security Advisory 2010-23
> (http://www.mozilla.org/security/announce/2010/mfsa2010-23.html)
> (Image src
> redirect to mailto: URL opens email editor). Which allow to open email
> client at user's computer via redirector, which redirecting to mailto:
> URL.
> But this vulnerability was fixed only in Firefox 3.5.9, Firefox 3.6.2 and
> SeaMonkey 2.0.4, but not in Firefox 3.0.x.
>
> After I recently read this advisory, I decided to check different
the case of the ".doc" and ".txt", it appears the final association will
determine how the rest of the string is processed.
File association plays a role because command line will attempt to launch
the default mail handler. This seems to indicate the problem is at a "lower"
level than the browser/mail client. This would explain why it works equally
well despite having Firefox, IE7, thunderbird, or outlook.
Based upon the IE7 blog posting, it seems this fundamental change may have
been introduced with IE7/XPSP2. However, this is mainly theory. I have
tested the "malicious" string on an XP (no service pack) and IE6. The string
Background
==========
Mozilla Firefox is an open-source web browser and Mozilla Thunderbird
an open-source email client, both from the Mozilla Project. The
SeaMonkey project is a community effort to deliver production-quality
releases of code derived from the application formerly known as the
'Mozilla Application Suite'. XULRunner is a Mozilla runtime package
that can be used to bootstrap XUL+XPCOM applications like Firefox and
Thunderbird.
http://www.tippingpoint.com
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of IBM Lotus Notes Email Client. User
interaction is required to exploit this vulnerability in that the target
must open a malicious email attachment.
The specific flaw exists within the Lotus Notes file viewer utilizing
the KeyView SDK to render a Word document containing a malformed shape.
On 9/26/2009 5:54 AM, Pavel Machek wrote:
> Well... mujmail.org email client also does not validate SSL
> certificates -- optionally. Reasoning is that SSL with unverified
> certificate is still better than sending plaintext passwords.
>
> Does that count as a vulnerability?
Yes; it's not that difficult for someone on the same network segment to
proxy all your traffic, and if you don't check your certificate then you
might as well have sent it plaintext.
Hello Bugtraq!
I want to warn you about security vulnerabilities in email clients,
particularly in Outlook Express and Outlook. This advisory is concerned with
my series of advisories about vulnerabilities in browsers, which belong to
group of DoS via protocol handlers.
All those who doubt that these DoS vulnerabilities in browsers and email
clients are security vulnerabilities, must read my first advisory on this
topic (http://www.securityfocus.com/archive/1/511327/30/0/threaded). Where I
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Oracle Outside In. Authentication is not
required to exploit this vulnerability.
The flaw exists within the sccfut.dll component which is used by
multiple vendors, most notably the Novell Groupwise E-Mail Client. When
opening the OOXML formatted mail attachment for preview the process
copies the target of a Relationship tag to a local stack buffer. A
remote attacker can exploit this vulnerability to execute arbitrary code
under the context of SYSTEM.
Fetchmail is a remote mail retrieval and forwarding utility intended
for use over on-demand TCP/IP links, like SLIP or PPP connections.
Fetchmail supports every remote-mail protocol currently in use on the
Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6,
and IPSEC) for retrieval. Then Fetchmail forwards the mail through
SMTP so you can read it through your favorite mail client.
quagga
Quagga is a free software that manages TCP/IP based routing protocol.
It takes multi-server and multi-thread approach to resolve the current
complexity of the Internet.
At 30.02.2010 Mozilla fixed vulnerability (small one, which poses no
security risk, as they said), found by Henry Sudhof - Mozilla Foundation
Security Advisory 2010-23
(http://www.mozilla.org/security/announce/2010/mfsa2010-23.html) (Image src
redirect to mailto: URL opens email editor). Which allow to open email
client at user's computer via redirector, which redirecting to mailto: URL.
But this vulnerability was fixed only in Firefox 3.5.9, Firefox 3.6.2 and
SeaMonkey 2.0.4, but not in Firefox 3.0.x.
After I recently read this advisory, I decided to check different browsers.
And as I checked at 16.05.2010, to this vulnerability are vulnerable web
Background
==========
Mozilla Firefox is an open-source web browser from the Mozilla Project,
and Mozilla Thunderbird an email client. The SeaMonkey project is a
community effort to deliver production-quality releases of code derived
from the application formerly known as the 'Mozilla Application Suite'.
XULRunner is a Mozilla runtime package that can be used to bootstrap
XUL+XPCOM applications like Firefox and Thunderbird.
#####################################################################################
Application: Eureka Mail client
Platforms: Windows XP Professional SP2
Exploitation: remote BoF
Date: 2009-10-06
Additionally the 'help://' protocol handler suffers from directory
traversal. It should be noted that the scope of this issue is limited as
the malicious URIs cannot be embedded in Internet hosted content.
KMail input sanitization errors:
The KDE mail client, KMail, performs insufficient validation which leads
to specially crafted email attachments, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites.
The exploitation of these vulnerabilities is unlikely according to