Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Ximian Evolution < 2.3.8 Inline XML Content-parsing Overflow

Medium

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running a version of the Ximian Evolution email client that does not properly parse user-supplied data. Specifically, this version of Evolution is reported to be vulnerable to a flaw in the way that it handles inline XML attachments. A remote attacker can craft an email message such that, upon opening, Evolution crashes or executes arbitrary code.

Solution

Upgrade to version 2.3.8 or higher.