OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: snsadvlac.co.jp
Date: Thu Jun 13 2002 - 00:31:43 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ----------------------------------------------------------------------
    SNS Advisory No.54
    Active! mail Executing the Script upon the Opening of a Mail Message Vulnerability

    Problem first discovered: Fri, 31 May 2002
    Published: Wed, 13 June 2002
    ----------------------------------------------------------------------

    Overview:
    ---------
      Active! mail displays messages without converting them properly when
      a specific e-mail header contains HTML tags.

    Problem Description:
    --------------------
      Active! mail developed and distributed by TransWARE Co.,
      (http://www.transware.co.jp/), is a web-based e-mail system.
      Active! mail displays messages without converting them properly when
      a specific e-mail header contains HTML tags. If for example, a user
      receives an e-mail embedding a malicious <script> tag in the header,
      this script will run upon opening the e-mail message. Exploitation
      could result in the disclosure of the user's cookie information and
      in the possibility for an attacker to misuse the Web mail system.

    Tested Versions:
    ----------------
      Active! mail 1.422
      Active! mail 2.0

    Solution:
    ---------
      This problem can be eliminated by updating to Active! mail ver.2.0.1.1,
      which is available at:

      http://www.transware.co.jp/active/download/am_download.html

    Discovered by:
    --------------
      Keigo Yamazaki (LAC)

    Disclaimer:
    -----------
    All information in these advisories are subject to change without any advanced notices neither mutual consensus, and each of them is released as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences caused by applying those information.

    ------------------------------------------------------------------
    SecureNet Service(SNS) Security Advisory <snsadvlac.co.jp>
    Computer Security Laboratory, LAC http://www.lac.co.jp/security/