HTML to Plain Text Conversion Remote Code Execution Vulnerability

The 'HTML to Plain Text Conversion' class from is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to inject and execute malicious server-side script in the context of the application using the vulnerable class. Successful exploits will compromise the affected application and possibly the underlying computer.

The issue affects version 1.0 of the class; other versions may also be affected.

NOTE: This issue was initially reported in Roundcube Webmail. Roundcube Webmail 0.2-1 alpha, 0.2-2 beta, and possibly other versions are vulnerable because they use the vulnerable 'HTML to Plain Text Conversion' class.


Copyright 2010, SecurityFocus