Summary
The host is installed with Thunderbird/Seamonkey and is prone to Denial of Service vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary code via e-mail messages, and results in Denial of Service condition.
Impact Level: Application
Solution
Upgrade to Seamonkey version 1.1.17
http://www.seamonkey-project.org/releases
Upgrade to Thunderbird version 2.0.0.22
http://www.mozillamessaging.com/en-US/thunderbird/all.html
Insight
The flaw exists when application fails to handle user input messages via a multipart or alternative e-mail message containing a text or enhanced part that triggers access to an incorrect object type.
Affected
Seamonkey version prior to 1.1.17 and
Thunderbird version prior to 2.0.0.22 on Windows.
References
Severity
Classification
-
CVE CVE-2009-2210 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Apple Safari Multiple Vulnerabilities June-09 (Win) - I
- CA eTrust SCM Multiple HTTP Gateway Service Vulnerabilities
- Apple QuickTime Multiple Denial Of Service Vulnerabilities (Win)
- Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Linux)
- Asterisk SIP Channel Driver Denial Of Service Vulnerability (Linux)