Computer Security
[EN] securityvulns.ru no-pyccku


Earthlink TotalAccess AtciveX protection bypass
Published:25.01.2007
Source:
SecurityVulns ID:7112
Type:client
Threat Level:
2/10
Description:It's possible to manage sender and domain whitelists.
CVE:CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.)
Original documentdocumentEthan Hunt, [Full-disclosure] Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability (25.01.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod