Vulnerability CVE-2001-0642
Published: 2001-09-20   Modified: 2012-02-12

Description:
Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file.

Type:

CWE-Other

CVSS2 => (AV:L/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Incredimail -> Incredimail 

 References:
http://archives.neohapsis.com/archives/bugtraq/2001-05/0078.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/6529
Copyright 2024, cxsecurity.com

 

Back to Top