GNUMail.App GnuPG Arbitrary Content Injection Vulnerability
GNUMail.app is prone to a vulnerability that may allow an attacker to add arbitrary content into a message without the end user knowing.
An attacker may be able to exploit this issue to add arbitrary content into a GnuPG signed and/or encrypted message.
This vulnerability is due to the weakness discussed in BID 22757 (GnuPG Signed Message Arbitrary Content Injection Weakness) and has been assigned its own BID because of the specific way that GNUMail.app uses GnuPG.
This issue affects GNUMail.app versions prior to and including 1.1.2.