CVE-2001-0398 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to misrepresent the attachment's type with a different icon.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Ritlabs	The Bat	1.0_build1336

References

http://archives.neohapsis.com/archives/bugtraq/2001-04/0013.htmlVendor Advisory
http://www.securityfocus.com/bid/2530ExploitPatchVendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2001-04/0013.htmlVendor Advisory
http://www.securityfocus.com/bid/2530ExploitPatchVendor Advisory

FAQ

What is CVE-2001-0398?

CVE-2001-0398 is a vulnerability with a CVSS score of 7.5 (HIGH). The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also cause...

How severe is CVE-2001-0398?

CVE-2001-0398 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2001-0398?

Check the references section above for vendor advisories and patch information. Affected products include: Ritlabs The Bat.