| VID |
21778 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Winmail Server is vulnerable to multiple vulnerabilities which exist in versions 4.2 (build 0824) and earlier. Winmail Server is a commercial mail server including extensive security measures for Microsoft Windows platforms. Winmail Server version 4.2 (build 0824) and possibly other versions are vulnerable to multiple vulnerabilities, which can be exploited by a remote attacker to conduct cross-site scripting and script insertion attacks, and overwrite arbitrary files.
* References:
http://www.frsirt.com/english/advisories/2005/2485
http://secunia.com/advisories/16665
http://secunia.com/secunia_research/2005-58/advisory/
* Platforms Affected:
AMAX Information Technologies Inc., Winmail Server 4.2 (build 0824) and earlier versions
Microsoft Windows Any version |
| Recommendation |
No upgrade or patch available as of December 2005.
Upgrade to the latest version of Winmail Server, when new fixed version becomes available from the Winmail Server Download Web site at http://www.magicwinmail.net/download.asp |
| Related URL |
CVE-2005-3692 (CVE) |
| Related URL |
15493 (SecurityFocus) |
| Related URL |
23132,23140,23141,23142 (ISS) |
|
