Ximian Evolution < 2.3.8 Inline XML Content-parsing Overflow
Medium Nessus Network Monitor Plugin ID 3388
SynopsisThe remote host is vulnerable to a buffer overflow.
DescriptionThe remote host is running a version of the Ximian Evolution email client that does not properly parse user-supplied data. Specifically, this version of Evolution is reported to be vulnerable to a flaw in the way that it handles inline XML attachments. A remote attacker can craft an email message such that, upon opening, Evolution crashes or executes arbitrary code.
SolutionUpgrade to version 2.3.8 or higher.