Arbitrary Data Injection via MIME Content-ID Header in Ximian Evolution Mail User Agent

Arbitrary Data Injection via MIME Content-ID Header in Ximian Evolution Mail User Agent

CVE-2003-0130 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.

Learn more about our User Device Pen Test.