NVD

Id
52839  
Name
CVE-2007-0617  
Description
The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2007-01-31  
Modified Date
2008-09-05  
Seq
2007-0617  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
267022 52839 CVE-2007-0617 20070125 Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability  View
267023 52839 CVE-2007-0617 2210  View
267024 52839 CVE-2007-0617 22238  View
267025 52839 CVE-2007-0617 earthlink-spamblocker-security-bypass(31827)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
52791 JVNDB-2007-001483 Earthlink TotalAccess の SpamBlocker.dll ActiveX コントロールにおける電子メールアドレスを追加される脆弱性 Earthlink TotalAccess の SpamBlocker.dll ActiveX コントロールは、"安全なスクリプティング" にマークされるため、スパムブロック用のホワイトリストに任意の電子メールアドレスおよびドメインを追加される脆弱性が存在します。 CVE-2007-0617 23972 CVE-2007-0617 52839 6.8 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001483.html 2007-01-31 2012-06-26 View