icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Pegasus Mail <= 3.12c mailto: Embedded URL File Forwarding Weakness

Medium

Synopsis

The remote host may be tricked into uploading confidential files to a malicious webserver.

Description

The remote host is running the Pegasus 3.12c mail client. This version contains a vulnerability whereby a malicious website operator may be able to obtain copies of known files on a remote system if a website visitor is running the 3.12c version of the Pegasus client.

Solution

Upgrade to the latest version of Pegasus.