CVE-2003-0130 | Vulnerability Database | Aqua Security

The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.

Affected Software

Name	Vendor	Start Version	End Version
Evolution	Ximian	1.0.3	1.0.3
Evolution	Ximian	1.0.4	1.0.4
Evolution	Ximian	1.0.5	1.0.5
Evolution	Ximian	1.0.6	1.0.6
Evolution	Ximian	1.0.7	1.0.7
Evolution	Ximian	1.0.8	1.0.8
Evolution	Ximian	1.1.1	1.1.1
Evolution	Ximian	1.2	1.2
Evolution	Ximian	1.2.1	1.2.1
Evolution	Ximian	1.2.2	1.2.2

References

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html
http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000648
http://marc.info/?l=bugtraq\u0026m=104826470527308\u0026w=2
http://www.coresecurity.com/common/showdoc.php?idx=309\u0026idxseccion=10
http://www.gentoo.org/security/en/glsa/glsa-200303-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2003:045
http://www.redhat.com/support/errata/RHSA-2003-108.html
http://www.securityfocus.com/bid/7119
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A111

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0130
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html