[sec-adv] GoldMine Execution of Arbitrary Code

From: Secunia Security Advisories (sec-adv@secunia.com)
Date: Fri May 30 2003 - 02:29:06 CDT


TITLE:
GoldMine Execution of Arbitrary Code

READ ONLINE:
http://www.secunia.com/advisories/8893/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
GoldMine 6.x
GoldMine 5.x

DESCRIPTION:
A vulnerability has been identified in GoldMine, allowing malicious
people to send emails which will execute arbitrary code.

The problem seems to be that HTML emails are rendered by Internet
Explorer. When GoldMine calls Internet Explorer to do this, any
content of the email will be executed in the "Local Zone".

Versions 5.70.11111, 5.70.20404, 6.00.21021, 6.00.30203 and
6.00.30403 have been reported to be vulnerable.

SOLUTION:
Versions 5.70.30503 and 6.00.30503 are not vulnerable.

A quick workaround is to disable Internet Explorer as the email
viewer.

REPORTED BY / CREDITS:
Michael S. Scheidell

ORIGINAL ADVISORY:
http://www.secnap.net/security/gm001.html

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------
