CVE-2003-0130

Published Mar 24, 2003

Last updated 7 years ago

Overview

Description: The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ximian:evolution:1.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4A2F537-E877-43CA-89A3-AF3C09AFAAFE"
          },
          {
            "criteria": "cpe:2.3:a:ximian:evolution:1.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86D0D1A5-209C-4BA2-9D15-5790F44C176D"
          },
          {
            "criteria": "cpe:2.3:a:ximian:evolution:1.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7900F8AA-0BE8-4F89-99EC-3AF70BCF2A65"
          },
          {
            "criteria": "cpe:2.3:a:ximian:evolution:1.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCF6CCE6-AB19-438B-875F-043235C51BB9"
          },
          {
            "criteria": "cpe:2.3:a:ximian:evolution:1.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70CD8FAD-EA92-410E-AFF3-E65CF9FD83A6"
          },
          {
            "criteria": "cpe:2.3:a:ximian:evolution:1.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F280DC6C-76DA-4B92-B5BD-2C68C589B635"
          },
          {
            "criteria": "cpe:2.3:a:ximian:evolution:1.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87D49227-6D6A-4D0B-848E-232E05195EF3"
          },
          {
            "criteria": "cpe:2.3:a:ximian:evolution:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABF0F7DE-64B8-4B5F-9081-032CC2893B18"
          },
          {
            "criteria": "cpe:2.3:a:ximian:evolution:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99DB0EF4-6B2F-4F5D-B4FF-05732980B28D"
          },
          {
            "criteria": "cpe:2.3:a:ximian:evolution:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C678BF17-00A7-497A-B517-C9DCFEBAC4FE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References