Vulnerability Description
The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Earthlink | Total Access | All versions |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052021.html
- http://securityreason.com/securityalert/2210
- http://www.securityfocus.com/bid/22238
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31827
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052021.html
- http://securityreason.com/securityalert/2210
- http://www.securityfocus.com/bid/22238
- https://exchange.xforce.ibmcloud.com/vulnerabilities/31827
FAQ
What is CVE-2007-0617?
CVE-2007-0617 is a vulnerability with a CVSS score of 6.8 (MEDIUM). The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist v...
How severe is CVE-2007-0617?
CVE-2007-0617 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0617?
Check the references section above for vendor advisories and patch information. Affected products include: Earthlink Total Access.