CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
96.0%
Alin Rad Pop of Secunia Research discovered that Evolution did not
properly validate timezone data when processing iCalendar attachments.
If a user disabled the ITip Formatter plugin and viewed a crafted
iCalendar attachment, an attacker could cause a denial of service or
possibly execute code with user privileges. Note that the ITip
Formatter plugin is enabled by default in Ubuntu. (CVE-2008-1108)
Alin Rad Pop of Secunia Research discovered that Evolution did not
properly validate the DESCRIPTION field when processing iCalendar
attachments. If a user were tricked into accepting a crafted
iCalendar attachment and replied to it from the calendar window, an
attacker code cause a denial of service or execute code with user
privileges. (CVE-2008-1109)
Matej Cepl discovered that Evolution did not properly validate date
fields when processing iCalendar attachments. If a user disabled the
ITip Formatter plugin and viewed a crafted iCalendar attachment, an
attacker could cause a denial of service. Note that the ITip
Formatter plugin is enabled by default in Ubuntu.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | evolution | < 2.22.2-0ubuntu1.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | evolution-dbg | < 2.22.2-0ubuntu1.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | evolution-dev | < 2.22.2-0ubuntu1.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | evolution-plugins | < 2.22.2-0ubuntu1.2 | UNKNOWN |
Ubuntu | 8.04 | noarch | evolution-plugins-experimental | < 2.22.2-0ubuntu1.2 | UNKNOWN |
Ubuntu | 7.10 | noarch | evolution | < 2.12.1-0ubuntu1.3 | UNKNOWN |
Ubuntu | 7.10 | noarch | evolution-dbg | < 2.12.1-0ubuntu1.3 | UNKNOWN |
Ubuntu | 7.10 | noarch | evolution-dev | < 2.12.1-0ubuntu1.3 | UNKNOWN |
Ubuntu | 7.10 | noarch | evolution-plugins | < 2.12.1-0ubuntu1.3 | UNKNOWN |
Ubuntu | 7.10 | noarch | evolution-plugins-experimental | < 2.12.1-0ubuntu1.3 | UNKNOWN |