Release date:
Updated on: 2012-4 4
Affected Systems:
McAfee Email Gateway 7.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56751
McAfee Email Gateway is a comprehensive Email security solution.
McAfee Email Gateway 7.0, 7.0.1, and 7.0.2 have security bypass and HTML injection vulnerabilities. The application does not correctly verify certain management settings in the Secure Web Delivery Client. This error can be exploited to create messages or even exhaust disk space. The email attachment name in the Secure Web Delivery Client is not correctly verified. As a result, arbitrary HTML and script code can be inserted for unauthorized operations.
<* Source: Oliver R. Gruskovnjak
Link: http://secunia.com/advisories/51441/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
McAfee
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.mcafee.com/