Ximian Evolution < 1.2.3 MIME image/* Content-Type Data Injection
Medium Nessus Network Monitor Plugin ID 1308
Synopsis: The remote host may be tricked into running an executable file.
Description: The remote host is running a version of the Ximian Evolution email client that does not properly validate MIME image/* Content-Type fields. If an email message contains an image/* Content-Type, any type of data can be embedded where the image information is expected. This can be used to embed HTML tags that will be rendered by GtkHTML, bypass policies, or invoke Bonobo components to handle external content types.
Solution: Upgrade to Evolution 1.2.3 or higher.
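
The missing validation described above can also be checked on the receiving side, for example at a mail gateway, by comparing each image/* part's decoded body against the leading bytes its declared subtype requires. This is an added example, not code from the plugin or from Evolution; the function name, the signature table and the sample message are constructed for illustration.

```python
import email
from email import policy

# Well-known leading-byte signatures for common image subtypes.
SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "bmp": (b"BM",),
}

def mismatched_image_parts(raw_message: bytes):
    """Return (declared_type, first_bytes) for every image/* part whose
    decoded body does not start with a signature for its declared subtype.
    Subtypes missing from SIGNATURES are reported too (conservative choice)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_maintype() != "image":
            continue
        # decode=True undoes base64 / quoted-printable transfer encoding.
        body = part.get_payload(decode=True) or b""
        sigs = SIGNATURES.get(part.get_content_subtype())
        if sigs is None or not body.startswith(sigs):
            findings.append((part.get_content_type(), body[:16]))
    return findings

# Constructed sample: one part holding a real PNG header, one part
# declared image/png that actually carries HTML markup.
SAMPLE = (
    b"From: a@example.test\r\n"
    b"To: b@example.test\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: image/png\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"iVBORw0KGgoAAAANSUhEUg==\r\n"
    b"--b1\r\n"
    b"Content-Type: image/png\r\n"
    b"\r\n"
    b"<html><body>not an image</body></html>\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for declared, head in mismatched_image_parts(SAMPLE):
        print(f"{declared}: body starts with {head!r}")
```

A signature check only confirms the leading bytes; it flags the mismatch this plugin describes but does not replace upgrading the client.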