CVE-2007-0617 - Vulnerability Details - OpenCVE

The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Earthlink	Total Access

Configuration 1 [-]

cpe:2.3:a:earthlink:total_access:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052021.html
http://securityreason.com/securityalert/2210
http://www.securityfocus.com/bid/22238
https://exchange.xforce.ibmcloud.com/vulnerabilities/31827

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-01-31T11:00:00

Updated: 2024-08-07T12:26:54.248Z

Reserved: 2007-01-30T00:00:00

Link: CVE-2007-0617

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-01-31T11:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0617

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-25T00:00:00", "descriptions": [{"lang": "en", "value": "The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked \"safe for scripting,\" which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "earthlink-spamblocker-security-bypass(31827)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31827"}, {"name": "22238", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/22238"}, {"name": "20070125 Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052021.html"}, {"name": "2210", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2210"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0617", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked \"safe for scripting,\" which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "earthlink-spamblocker-security-bypass(31827)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31827"}, {"name": "22238", "refsource": "BID", "url": "http://www.securityfocus.com/bid/22238"}, {"name": "20070125 Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052021.html"}, {"name": "2210", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2210"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T12:26:54.248Z"}, "title": "CVE Program Container", "references": [{"name": "earthlink-spamblocker-security-bypass(31827)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31827"}, {"name": "22238", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/22238"}, {"name": "20070125 Earthlink TotalAccess ActiveX Unsafe Methods Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052021.html"}, {"name": "2210", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2210"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0617", "datePublished": "2007-01-31T11:00:00", "dateReserved": "2007-01-30T00:00:00", "dateUpdated": "2024-08-07T12:26:54.248Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:earthlink:total_access:*:*:*:*:*:*:*:*", "matchCriteriaId": "F217DCFB-7946-494E-B3E1-D02EC445A889", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked \"safe for scripting,\" which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions."}, {"lang": "es", "value": "El control de ActiveX SpamBlocker.dll del Earthlink TotalAccess est\u00e1 marcado como \"seguro para secuencias de comandos\", lo que permite a atacantes remoto a\u00f1adir dominios y direcciones de correo electr\u00f3nico de su elecci\u00f3n a la lista blanca del bloqueo de spam en las funciones (1) AddSenderToWhitelist y (2) AddDomainToWhitelist."}], "evaluatorImpact": "Medium complexity because phishing attack", "id": "CVE-2007-0617", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-01-31T11:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052021.html"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2210"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/22238"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31827"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2210"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/22238"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/31827"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}