JVN#89344424
Multiple email clients vulnerable in handling an attachement inapropriately
Overview
Some email clients contain a vulnerability which may crash themselves as they do not properly handle an attached file with an particular file name.
Products Affected
- For more information, refer to the vendors' websites
Description
Impact
Actual impact could differ depending on the email clients though, email clients may crash when hadling an attached file with a particular file name. Other possible impacts could be an attached file not being saved or hanged up while in the saving process, or an error message being displayed on the application related to the attached file.
Solution
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| Edcom Inc. | Not Vulnerable | 2006/01/31 | |
| Orangesoft Inc. | Not Vulnerable | 2006/01/31 | |
| Saitoh Kikaku | Not Vulnerable | 2006/01/31 | |
| Pochy project team | Unknown | 2006/01/31 | |
| JustSystems Corporation | Not Vulnerable | 2006/02/20 | |
| FUJITSU LIMITED | Vulnerable | 2007/03/15 | |
| Yokogawa Electric Corporation | Not Vulnerable, investigating | 2006/02/28 | |
| Allied Telesis K.K. | Not Vulnerable | 2006/03/10 | |
| Hitachi | Vulnerable | 2006/04/27 | |
| RICOH COMPANY, LTD. | Not Vulnerable | 2006/05/10 |
| Vendor | Link |
| Pochy Project Team |
http://pochy.sourceforge.jp/pukiwiki/pukiwiki.php?%A5%CB%A5%E5%A1%BC%A5%B9 |
References
JPCERT/CC Addendum
Credit
Yosuke Hasegawa reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2006-000602 |