KLA10399
Multiple vulnerabilities in Winmail
Updated: 06/01/2019
Detect date
?
11/21/2005
Severity
?
Critical
Description

Multiple serious vulnerabilities have been found in Winmail Server. Malicious users can exploit these vulnerabilities to inject scripts or overwrite local files. Below is a complete list of vulnerabilities

  1. A directory traversal can be exploited remotely via a side parameter;
  2. An XSS vulnerability can be exploited remotely via a retid parameter or specially designed e-mail messages.
Affected products

AMAX Magic Winmail Server versions 4.2 and earlier

Solution

Update to latest version

Impacts
?
CI 
[?]

WLF 
[?]
Related products
Winmail Server
CVE-IDS
?
CVE-2005-38115.0Critical
CVE-2005-36924.3Warning