Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16927
HistoryMay 03, 2007 - 12:00 a.m.

Vulnerability in InterVations' MailCopa

2007-05-0300:00:00
vulners.com
11
JSON

While developing one of our advanced security training movies, we
identified an exploitable vulnerability in the latest release of
InterVetions' MailCopa. Successful exploitation of this vulnerability
allows an attacker to execute arbitrary code in the context of the
user executing MailCopa. In a web-based attack scenario, an attacker
can insert a link in the following way:

<a href="mailto:[email protected]?subject=aaaaaaaaaaaa … aaaaaaaaaaaaa">

If the user can be tricked into clicking on such a malicious link, an
overflow occurs, leading to code execution on the victim's system.

Countermeasures:
The vendor was informed on April 30, 2007 and published a patched
version just a few hours later. Amazing response time!

Credits:
skilltube.com

If you are interested in learning more about vulnerability research
and exploitation techniques, check out our advanced security training
movies on www.skillTube.com.

JSON