CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2007-0617

The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 66.9%

CVSS Severity

CVSS v2 Score 6.8

References

http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052021.html
http://securityreason.com/securityalert/2210
http://www.securityfocus.com/bid/22238
https://exchange.xforce.ibmcloud.com/vulnerabilities/31827
http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/052021.html
http://securityreason.com/securityalert/2210
http://www.securityfocus.com/bid/22238
https://exchange.xforce.ibmcloud.com/vulnerabilities/31827

Products affected by CVE-2007-0617

Earthlink » Total Access » Version: Any

cpe:2.3:a:earthlink:total_access:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-0617

Products

Pricing

Contact Us