Vulnerabilities > CVE-2007-0617 - Unspecified vulnerability in Earthlink Total Access
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
earthlink
Summary
The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions. Medium complexity because phishing attack
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |