VID | 18112
Severity | 30
Port | 110
Protocol | TCP
Class | POP3
Detailed Description |
A version of Alt-N MDaemon POP3 Server older than 12.0.3 was detected running on the host. Alt-N MDaemon is an SMTP/POP/IMAP server for Microsoft Windows operating systems. The remote webmail client has a cross-site scripting vulnerability: the LookOut theme in such versions reportedly may interpret JavaScript in a message subject in the Summary view.
By sending a specially crafted email to a user who reads mail through the affected webmail client, a remote attacker may be able to exploit this issue to inject arbitrary HTML and script code into the user's browser, where it is executed in the security context of the affected application.
* Note: This check relies solely on the banner of the remote POP3 server to assess this vulnerability, so the result may be a false positive.
* References: http://files.altn.com/MDaemon/Release/relnotes_en.html
* Platforms Affected: Alt-N Technologies, Inc., MDaemon versions prior to 12.0.3 |
Recommendation |
Upgrade to the latest version of MDaemon (12.0.3 or later), available from the Alt-N Technologies Web site at http://www.altn.com/download/default.asp?product_id=Mdaemon |
Related URL | (CVE)
Related URL | 47896 (SecurityFocus)
Related URL | (ISS)
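The note in the description says the finding rests only on the POP3 banner. The following added example (not part of the original entry or of any scanner's own code) shows that kind of banner comparison against 12.0.3 and the cases where the banner gives no answer; the banner layout and the sample banners are constructed assumptions.

```python
import re

FIXED = (12, 0, 3)  # first fixed release named in the entry above

# Assumed greeting layout (constructed, not taken from the entry):
#   +OK mail.example.test POP MDaemon 11.0.3 ready <...>
_BANNER = re.compile(r"^\+OK\b.*\bMDaemon\s+(\d+(?:\.\d+){1,3})\b", re.IGNORECASE)


def parse_version(banner):
    """Return the MDaemon version as a tuple of ints, or None if not shown."""
    m = _BANNER.match(banner.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def _pad(version, width=4):
    """Pad with zeros so 12.5 and 12.0.3 compare component by component."""
    return version + (0,) * (width - len(version))


def triage(banner):
    """Classify a POP3 greeting for the banner-only check described above."""
    if not banner.lstrip().startswith("+OK"):
        return "not-pop3-greeting"
    version = parse_version(banner)
    if version is None:
        return "unknown"  # banner hidden or another product: no verdict
    if _pad(version) < _pad(FIXED):
        return "banner-older-than-fix"
    return "banner-at-or-above-fix"


# Constructed sample greetings for illustration only.
SAMPLES = [
    "+OK mail.example.test POP MDaemon 11.0.3 ready "
    "<MDAEMON-F201101010000.AA0000000MD0000@mail.example.test>",
    "+OK mail.example.test POP MDaemon 12.0.3 ready",
    "+OK mail.example.test POP MDaemon 12.5 ready",
    "+OK POP3 server ready",
    "-ERR service unavailable",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{triage(line):24} {line[:60]}")
```

A `banner-older-than-fix` result still needs confirmation that webmail with the LookOut theme is actually in use, since the POP3 banner says nothing about that.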