Moderate

CVE-2003-0130 - Unspecified vulnerability in Ximian Evolution

Publication: 2003-03-24
Summary

The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.

Risk level (CVSS 5)

Moderate

5.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Ximian Evolution 1.0.3
  • Ximian Evolution 1.0.4
  • Ximian Evolution 1.0.5
  • Ximian Evolution 1.0.6
  • Ximian Evolution 1.0.7
  • Ximian Evolution 1.0.8
  • Ximian Evolution 1.1.1
  • Ximian Evolution 1.2
  • Ximian Evolution 1.2.1
  • Ximian Evolution 1.2.2