CVE-2003-0241 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers to execute arbitrary code via a message that is rendered in IE using a less secure zone.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Frontrange	Goldmine	5.70

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0091.htmlExploitPatchVendor Advisory
http://www.secnap.net/security/gm001.htmlExploitPatchVendor Advisory
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0091.htmlExploitPatchVendor Advisory
http://www.secnap.net/security/gm001.htmlExploitPatchVendor Advisory

FAQ

What is CVE-2003-0241?

CVE-2003-0241 is a vulnerability with a CVSS score of 7.5 (HIGH). FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sends HTML to the default browser without setting its security zone or otherwise labeling it untrusted, which allows remote attackers...

How severe is CVE-2003-0241?

CVE-2003-0241 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-0241?

Check the references section above for vendor advisories and patch information. Affected products include: Frontrange Goldmine.