In association with heise online

22 March 2007, 16:41

Vulnerability in Evolution mail client

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security services provider Secunia has reported that crafted memos could be hazardous for PCs belonging to users of open source mail client Evolution. According to the report, the memo preview feature contains a format string vulnerability which could be used by an attacker to inject code onto a victim's computer using manipulated memos. The bug is in the write_html() function in the calendar/gui/e-cal-component-memo-preview.c module for displaying memo categories. According to Secunia, a victim needs to open a shared memo in their mailbox and switch to memo view - the bug does not apparently occur in mailbox view, as the category view is unavailable.

The bug has been confirmed in version and other versions are probably also vulnerable. According to the advisory, the Linux distributors have been informed of the bug and bug-fixed versions should be being released soon. Until then, users should proceed with caution when viewing shared memos.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit