Description
Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
Product(s):
- Novell NetMail 3.0.1
- Novell NetMail 3.0.3a A
- Novell NetMail 3.0.3a B
- Novell NetMail 3.10
- Novell NetMail 3.10 A
- Novell NetMail 3.10 B
- Novell NetMail 3.10c
- Novell NetMail 3.10d
- Novell NetMail 3.10e
- Novell NetMail 3.10f
- Novell NetMail 3.10g
- Novell NetMail 3.10 H
- Novell NetMail 3.1
- Novell NetMail 3.1 F
- Novell NetMail 3.5.2 A
- Novell NetMail 3.5.2 B
- Novell NetMail 3.5.2 C1
- Novell NetMail 3.5.2c
- Novell NetMail 3.5.2e-FTFL
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-2176, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-2176 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.