
Ximian Evolution < 1.2.3 MIME image/* Content-Type Data Injection



The remote host may be tricked into running an executable file.


The remote host is running a version of the Ximian Evolution email client that does not properly validate MIME image/* Content-Type fields. If an email message contains a part with an image/* Content-Type, any type of data can be embedded where the image data is expected. This can be used to embed HTML tags that will be rendered by GtkHTML, bypass policies, or invoke Bonobo components to handle external content types.


Upgrade to Evolution 1.2.3 or higher.