IncrediMail stores attachments in a known directory
| incredimail-insecure-attachment-directory (8460) |  Low Risk |
Description:
IncrediMail stores email attachments in a known directory. A remote attacker could use the information when planning further attacks.
Consequences:
Obtain Information
Remedy:
No remedy available as of April 17, 2010.
References:
- BugTraq Mailing List, Fri Mar 15 2002 - 11:33:21 CST: MSIE vulnerability exploitable with IncrediMail.
- IncrediMail Web site: IncrediMail - Email has finally evolved.
- BID-4297: IncrediMail Ltd. IncrediMail Known Attachment Location Vulnerability
- CVE-2002-0455: IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.
- OSVDB ID: 14412: IncrediMail Stored Attachment Predictable Filename Weakness
Platforms Affected:
- IncrediMail IncrediMail Xe B618 and prior
Reported:
Mar 15, 2002
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this