Vulnerabilities > CVE-2007-0617 - Unspecified vulnerability in Earthlink Total Access
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052021.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052021.html
- http://securityreason.com/securityalert/2210
- http://securityreason.com/securityalert/2210
- http://www.securityfocus.com/bid/22238
- http://www.securityfocus.com/bid/22238
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31827
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31827