Info |
Last Modified: 8 months ago
|
|
Description |
Hastymail contains a flaw that allows a remote cross-site scripting attack. The flaw exists because email attachments are not properly defined in the Content-Disposition HTTP header, which allows Internet Explorer to open them inline. This could allow a user to inject JavaScript or ActiveX code in an attachment that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
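The header handling described above, as a defensive sketch added here for illustration; it is not Hastymail's code or the vendor patch, and the function names and the type allowlist are assumptions.

```python
import re
from urllib.parse import quote

# Assumed allowlist: types kept under their declared label; all else is relabelled.
INERT_TYPES = {"image/png", "image/jpeg", "image/gif", "application/pdf"}

def safe_filename(name: str) -> str:
    """Reduce a sender-controlled MIME filename to a bare, header-safe name."""
    name = re.split(r"[\\/]", name)[-1]              # drop any path component
    name = re.sub(r"[\x00-\x1f\x7f\";]", "", name)    # drop CR/LF, controls, quotes, ';'
    return name.strip(" .") or "attachment"

def attachment_headers(filename: str, declared_type: str) -> dict:
    """Response headers that make the browser save an attachment, not render it."""
    name = safe_filename(filename)
    ascii_name = name.encode("ascii", "replace").decode("ascii").replace("?", "_")
    ctype = declared_type.split(";")[0].strip().lower()
    if ctype not in INERT_TYPES:
        ctype = "application/octet-stream"           # never echo text/html and similar
    disposition = 'attachment; filename="%s"' % ascii_name
    disposition += "; filename*=UTF-8''" + quote(name)  # RFC 6266 extended form
    return {
        "Content-Type": ctype,
        "Content-Disposition": disposition,
        "X-Content-Type-Options": "nosniff",
    }

def may_render_inline(headers: dict) -> bool:
    """Audit check: True when a download response does not force 'attachment'."""
    disp = headers.get("Content-Disposition", "").strip().lower()
    return not disp.startswith("attachment")

if __name__ == "__main__":
    # Constructed sample: an HTML attachment with a hostile filename.
    for key, value in attachment_headers('../../evil".html', "text/html").items():
        print(f"{key}: {value}")
```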
|
|
Classification |
Location: Remote/Network Access Required
Attack Type: Input Manipulation, Misconfiguration
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Web Related
|
|
Solution |
Upgrade to version 1.0.2, 1.2 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the patch provided by the vendor for versions 1.0.1 and 1.1.
|
|
Products |
Hastymail: 1.0.1, 1.1
|
|
Credit |
- Jason Munro - jason
stdbev.com -