Release date:
Updated on:
Affected Systems:
Horde IMP 5.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 54195
IMP is an Internet messaging program written in PHP. It provides web-based email access and rich web message transmission for IMAP and POP3 accounts.
In versions earlier than IMP 5.0.22, input passed through SVG attachments is not properly filtered. Arbitrary HTML and script code can be inserted and is then executed in the user's browser session when the malicious data is viewed.
<* Source: Mike Cardwell
Link: http://secunia.com/advisories/49643/
*>
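The following is an added example, not Horde's patch and not code from the advisory: a conservative check a webmail front end could run on an SVG attachment before displaying it inline, flagging the script-capable constructs the description refers to. The function names, the element and scheme lists, and the sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat

# Assumed lists for illustration; not taken from the IMP 5.0.22 fix.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")

# Constructed sample attachments (not from the advisory).
BENIGN = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="9" height="9"/></svg>'
SCRIPTED = b'<svg xmlns="http://www.w3.org/2000/svg"><script>void 0</script></svg>'
HANDLER = b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0"/>'

def _local(name):
    """Drop a namespace prefix: 'xlink:href' -> 'href', 'svg:script' -> 'script'."""
    return name.rsplit(":", 1)[-1].lower()

def svg_findings(data):
    """Return reasons why an SVG attachment should not be rendered inline."""
    findings = []

    def on_start(name, attrs):
        if _local(name) in ACTIVE_ELEMENTS:
            findings.append(f"active element <{name}>")
        for attr, value in attrs.items():
            local = _local(attr)
            # Browsers ignore tabs/newlines inside a URL scheme, so strip them.
            compact = "".join(value.split()).lower()
            if local.startswith("on"):
                findings.append(f"event handler {attr} on <{name}>")
            elif local in URL_ATTRS and compact.startswith(BAD_SCHEMES):
                findings.append(f"scripted URL in {attr} on <{name}>")

    def on_doctype(*_):
        # A DTD can define entities that hide markup from a text scan.
        findings.append("DOCTYPE declaration")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = on_start
    parser.StartDoctypeDeclHandler = on_doctype
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        findings.append(f"not well-formed XML: {exc}")
    return findings

def render_inline(data):
    """True only if nothing script-capable was found; otherwise serve as a download."""
    return not svg_findings(data)
```

Any finding is a reason to deliver the attachment as a download instead of rendering it in the mail session's origin; an empty result is not proof that a file is harmless.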
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Horde
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://lists.horde.org/archives/announce/2012/000773.html