| Name | RoundCube.Webmail.Pregreplace.Code.Execution |
| Last Updated Date | Mar 26, 2009 |
| Release Date | Mar 05, 2009 |
| Severity | High |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attack attempt against a code-execution vulnerability in RoundCube Webmail.
The vulnerability is caused by an error when the vulnerable software handles a malicious post request. It allows a remote attacker to execute arbitrary code via sending a crafted web page. |
| Affected Products | Round Cube RoundCube Webmail 0.2-3 beta
Round Cube RoundCube Webmail 0.2-1 alpha |
| Recommended Actions | Apply the patch supplied by the vendor:
http://downloads.sourceforge.net/roundcubemail/roundcubemail-0.2-beta-patch.tar.gz |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-5619
|
| Reference/s | http://milw0rm.org/exploits/7553
|