EarthLink TotalAccess ActiveX Control Unsafe Methods Weakness

Bugtraq ID:	22238
Class:	Access Validation Error
CVE:	CVE-2007-0617
Remote:	Yes
Local:	No
Published:	Jan 25 2007 12:00AM
Updated:	May 12 2015 07:35PM
Credit:	Ethan Hunt <[email protected]> is credited with the discovery of this issue.
Vulnerable:	EarthLink TotalAccess 0
Not Vulnerable:

EarthLink TotalAccess ActiveX Control Unsafe Methods Weakness

EarthLink TotalAccess ActiveX control is prone to a weakness regarding certain methods.

An attacker can exploit this issue to use certain methods of the control to modify the spam filter's whitelist. This may aid in further attacks.

NOTE: The vendor refutes this issue and states that the application is not vulnerable.

EarthLink TotalAccess ActiveX Control Unsafe Methods Weakness

To exploit this issue, an attacker must entice an unsuspecting victim into visiting a malicious webpage.

EarthLink TotalAccess ActiveX Control Unsafe Methods Weakness

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

NOTE: The vendor refutes this issue and states that the application is not vulnerable.

EarthLink TotalAccess ActiveX Control Unsafe Methods Weakness

References:

• EarthLink Homepage (EarthLink)
  
• Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability (Michael Strutton)