GNUMail.App GnuPG Arbitrary Content Injection Vulnerability

Bugtraq ID:	22779
Class:	Design Error
CVE:	CVE-2007-1269
Remote:	Yes
Local:	No
Published:	Mar 05 2007 12:00AM
Updated:	Mar 06 2007 06:45PM
Credit:	This vulnerability was found by Gerardo Richarte from Core Security Technologies.
Vulnerable:	GNUMail.app GNUMail.app 1.1.2
Not Vulnerable:

GNUMail.App GnuPG Arbitrary Content Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

GNUMail.App GnuPG Arbitrary Content Injection Vulnerability

References:

• GNUMail.app Homepage (GNUMail.app)
  
• GnuPG Homepage (GnuPG)
  
• Impacket library (Core Security)
  
• CORE-2007-0115: GnuPG and GnuPG clients unsigned data injection vulnerability (CORE Security Technologies Advisories )