CVE - CVE-2012-1103

CVE-ID
CVE-2012-1103	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs interface, allows user-assisted remote attackers to read arbitrary files via crafted MML tags, which are not properly quoted in an email reply cna cause the files to be attached to the message.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:52155 URL:http://www.securityfocus.com/bid/52155 CONFIRM:http://git.notmuchmail.org/git/notmuch/blobdiff/3f2050ac221a4c940c12442f156f12fff11600c6..ae438ccd8c77831158c7c30f19710d798ee4a6b4:/emacs/notmuch-mua.el CONFIRM:http://notmuchmail.org/news/release-0.11.1/ DEBIAN:DSA-2416 URL:http://www.debian.org/security/2012/dsa-2416 MLIST:[oss-security] 20120304 CVE request: notmuch URL:http://www.openwall.com/lists/oss-security/2012/03/04/5 MLIST:[oss-security] 20120304 Re: CVE request: notmuch URL:http://www.openwall.com/lists/oss-security/2012/03/05/6 SECUNIA:48139 URL:http://secunia.com/advisories/48139
Assigning CNA
Red Hat, Inc.
Date Record Created
20120214	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20120214)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)