2011-01-18 21:00:10 2018-10-30 17:26:21

The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE
PHP 5.2.16 PHP 5.2.15 PHP 5.2.14 PHP 5.2.13 PHP 5.2.12 PHP 5.2.11 PHP 5.2.10 PHP 5.2.9 PHP 5.2.8 PHP 5.2.7 PHP 5.2.6 PHP 5.2.5 Php Php 5.2.4 Windows (not an official CPE) PHP 5.2.4 PHP 5.2.3 PHP 5.2.2 PHP 5.2.1 PHP 5.2.0 PHP PHP 5.1.6 PHP PHP 5.1.5 PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.2 PHP PHP 5.1.1 PHP PHP 5.1.0 PHP PHP 5.0.5 PHP PHP 5.0.4 PHP PHP 5.0.3 PHP PHP 5.0.1 PHP PHP 5.0.2 PHP PHP 5.0.0 RC3 PHP PHP 5.0.0 RC2 PHP PHP 5.0.0 RC1 PHP PHP 5.0.0 Beta4 PHP PHP 5.0.0 Beta3 PHP PHP 5.0.0 Beta2 PHP PHP 5.0.0 Beta1 PHP PHP 5.0.0 PHP 4.4.9 PHP 4.4.8 PHP PHP 4.4.7 PHP PHP 4.4.6 PHP PHP 4.4.5 PHP PHP 4.4.4 PHP PHP 4.4.3 PHP PHP 4.4.2 PHP PHP 4.4.1 PHP PHP 4.4.0 PHP PHP 4.3.11 PHP PHP 4.3.10 PHP PHP 4.3.9 PHP PHP 4.3.8 PHP PHP 4.3.7 PHP PHP 4.3.6 PHP PHP 4.3.5 PHP PHP 4.3.4 PHP PHP 4.3.3 PHP PHP 4.3.2 PHP PHP 4.3.1 PHP PHP 4.3.0 PHP PHP 4.2.3 PHP PHP 4.2.2 PHP PHP 4.2.1 PHP PHP 4.2.0 PHP PHP 4.1.2 PHP PHP 4.1.1 PHP PHP 4.1.0 PHP PHP 4.0.6 PHP PHP 4.0.7 PHP PHP 4.0.5 PHP PHP 4.0.4 PHP PHP 4.0.3 PHP PHP 4.0.2 PHP PHP 4.0.1 PHP PHP 4.0.0 PHP PHP 4.0 Beta 4 Patch Level 1 PHP PHP 4.0 Beta 4 PHP PHP 4.0 Beta 3 PHP PHP 4.0 Beta 2 PHP PHP 4.0 Beta 1 Php Php 4.0 (not an official CPE) PHP PHP 3.0.18 PHP PHP 3.0.17 PHP PHP 3.0.16 PHP PHP 3.0.15 PHP PHP 3.0.14 PHP PHP 3.0.13 PHP PHP 3.0.12 PHP PHP 3.0.11 PHP PHP 3.0.10 PHP PHP 3.0.9 PHP PHP 3.0.8 PHP PHP 3.0.7 PHP PHP 3.0.6 PHP PHP 3.0.5 PHP PHP 3.0.4 PHP PHP 3.0.3 PHP PHP 3.0.2 PHP PHP 3.0.1 PHP PHP 3.0 PHP PHP_FI 2.0b10 PHP PHP_FI 2.0 PHP PHP_FI 1.0 PHP 5.2.17 PHP 5.3.0 PHP 5.3.1 PHP 5.3.2 PHP 5.3.3