Vendor: The Bat!
By: SecurityFocus
CVSS: 7.5 (HIGH)
Denial of Service
CWE: 400
Product Name: The Bat!
Affected Version From: 1.53d
Affected Version To: 1.53d
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows
2002

The Bat! Denial of Service Vulnerability

A problem occurs with The Bat! when it is configured to save attachments separately from the body of a message. An attachment whose filename is an MS-DOS device name (such as CON, AUX, PRN, etc.) can cause a denial of service in an e-mail client with this configuration.

Mitigation:

Ensure that The Bat! is not configured to save attachments separately from the body of a message.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4187/info

The Bat! is an e-mail client for Microsoft Windows operating systems.

A problem occurs with The Bat! when it is configured to save attachments separately from the body of a message. It is possible to include an MS-DOS device name (such as CON, AUX, PRN, etc.) in the filename of the attachment to cause a denial of service to an e-mail client with this configuration.

This appears to be an issue with The Bat! version 1.53d. Earlier versions do not appear to be affected.

bash-2.03$ sendmail -U test@test.com
From: test
To: test
Content-Type: apllication/exe; name=lpt1

Test
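
The check a mail client or gateway can apply before writing an attachment to disk, as an added example that is not part of the original advisory or of The Bat!: it reads the attachment name the way the message above supplies it and renames anything that resolves to a DOS device. The function names and the constructed sample message are assumptions made for illustration.

```python
import email
import re
from email import policy

# Classic reserved DOS device names. Windows resolves them as devices in any
# directory, with or without an extension ("lpt1" and "lpt1.txt" alike).
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{prefix}{n}" for prefix in ("COM", "LPT") for n in range(1, 10)
}

def is_reserved_device(filename: str) -> bool:
    """True if the last path component resolves to a DOS device name."""
    base = re.split(r"[\\/]", filename)[-1]
    # Only the part before the first dot or colon decides the match.
    stem = re.split(r"[.:]", base, maxsplit=1)[0].strip().upper()
    return stem in RESERVED

def safe_attachment_name(filename: str, fallback: str = "attachment") -> str:
    """Return a name that is safe to create on a Windows filesystem."""
    # Drop any path, then trailing/leading dots and spaces.
    base = re.split(r"[\\/]", filename or "")[-1].strip(" .")
    # Replace characters Windows does not allow in file names.
    base = re.sub(r'[<>:"|?*\x00-\x1f]', "_", base)
    if not base:
        return fallback
    # Prefixing changes the stem, so the name no longer maps to a device.
    return "_" + base if is_reserved_device(base) else base

def audit_message(raw: str):
    """List (declared name, safe name) for every named part of a message."""
    msg = email.message_from_string(raw, policy=policy.default)
    results = []
    for part in msg.walk():
        # Content-Disposition filename, falling back to Content-Type name.
        name = part.get_filename()
        if name:
            results.append((name, safe_attachment_name(name)))
    return results

# Constructed sample using the headers shown in the advisory.
SAMPLE = (
    "From: test\n"
    "To: test\n"
    "Content-Type: apllication/exe; name=lpt1\n"
    "\n"
    "Test\n"
)

if __name__ == "__main__":
    for declared, safe in audit_message(SAMPLE):
        print(f"{declared!r} -> {safe!r}")
```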