Signature Detail

POP3: Email Containing HTML SCRIPT Tag

This signature detects the presence of script code within the contents of an e-mail. Such an e-mail could take advantage of vulnerabilities in various POP3 clients.

Extended Description

IBM Lotus Notes email client is prone to an input validation vulnerability. Reports indicate that HTML and JavaScript attached to received email messages is executed automatically when the email message is viewed. Specifically, users accessing standard Notes mail templates through a Web mail client are affected. This vulnerability may be leveraged by a remote attacker to automatically execute arbitrary script code in the context of a target user.

Affected Products

• IBM Lotus Domino 5.0.13
• IBM Lotus Domino 6.0.5
• IBM Lotus Domino 6.5.4
• IBM Lotus Domino Enterprise Server 5.0.13
• IBM Lotus Domino Enterprise Server 6.0.5
• IBM Lotus Domino Enterprise Server 6.5.4
• IBM Lotus Notes 5.0.12
• IBM Lotus Notes 5.0.3
• IBM Lotus Notes 6.0.0
• IBM Lotus Notes 6.0.1
• IBM Lotus Notes 6.0.2
• IBM Lotus Notes 6.0.3
• IBM Lotus Notes 6.0.4
• IBM Lotus Notes 6.0.5
• IBM Lotus Notes 6.5.0
• IBM Lotus Notes 6.5.1
• IBM Lotus Notes 6.5.2
• IBM Lotus Notes 6.5.3
• IBM Lotus Notes 6.5.4

References

• BugTraq: 14164
• URL: http://www.sans.org/newsletters/risk/display.php?v=4&i=27#05.27.14
• URL: http://www-1.ibm.com/support/docview.wss?uid=swg21211783