Rockliffe's MailSite Express attachment script execution

mailsiteexpress-attachment-script-execution (22907). The risk level is classified as High Risk.

Description:

Rockliffe's MailSite Express could allow a remote attacker to execute arbitrary script code. A remote attacker could send a specially crafted email attachment that would be executed once the attachment is viewed.


Consequences:

Gain Access

Remedy:

Upgrade to the latest version of MailSite (6.1.22 or later), available from the MailSite Web site. See References.

References:

  • Full-Disclosure Mailing List, Fri Oct 28 2005 - 00:32:25 CDT: Multiple vulnerabilities within RockLiffe MailSite Express WebMail.
  • Rockliffe - Rock Solid Internet Software: Webmail Server: MailSite - Rockliffe.
  • BID-15229: Rockliffe MailSite Express Message Body HTML Injection Vulnerability
  • BID-15230: Rockliffe MailSite Express Arbitrary Script File Upload Vulnerability
  • CVE-2005-3287: Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache directory.
  • CVE-2005-3428: Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body.
  • CVE-2005-3430: Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension.
  • OSVDB ID: 20488: Rockliffe MailSite Express WebMail Email Message Body XSS
  • SA17240: MailSite Express Attachment Upload and Script Insertion
  • SECTRACK ID: 1015063: MailSite Express Lets Remote Users Upload Scripting Files and Execute Them
  • SECTRACK ID: 1015117: RockLiffe MailSite Express WebMail Discloses WebMail Files to Remote Users and Permits Cross-Site Scripting Attacks

Platforms Affected:

  • Rockliffe MailSite Express prior to 6.1.22

Reported:

Oct 28, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net
