An attacker can send a specially crafted HTML email to the targeted system. When the system processes this email, the result is remote code execution, arbitrary system operations, or disruption of service. The attacker must be able to send a specially crafted HTML email or have valid remote access to the targeted system. This vulnerability exists because of insecure handling of a format string.

Remotely Exploitable with Remote code execution

Vulnerability Scenario

A company, ABC Software Inc., is a customer of a hosting provider. They are sending malicious emails to their clients and the hosting provider's servers. The email takes the following form:

"Dear Customer,

We regret to inform you that your access to our website will be withheld until you have successfully completed this form."

The HTML code has been designed so that when the system processes this email, the result is remote code execution.

Timeline

Published on: 04/22/2022 07:15:00 UTC
Last modified on: 05/04/2022 12:57:00 UTC

References