CVE-2010-4699

2011-01-18 21:00:10 2018-10-30 17:26:21

The iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

PHP 5.2.16 PHP 5.2.15 PHP 5.2.14 PHP 5.2.13 PHP 5.2.12 PHP 5.2.11 PHP 5.2.10 PHP 5.2.9 PHP 5.2.8 PHP 5.2.7 PHP 5.2.6 PHP 5.2.5 Php Php 5.2.4 Windows (not an official CPE) PHP 5.2.4 PHP 5.2.3 PHP 5.2.2 PHP 5.2.1 PHP 5.2.0 PHP PHP 5.1.6 PHP PHP 5.1.5 PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.2 PHP PHP 5.1.1 PHP PHP 5.1.0 PHP PHP 5.0.5 PHP PHP 5.0.4 PHP PHP 5.0.3 PHP PHP 5.0.1 PHP PHP 5.0.2 PHP PHP 5.0.0 RC3 PHP PHP 5.0.0 RC2 PHP PHP 5.0.0 RC1 PHP PHP 5.0.0 Beta4 PHP PHP 5.0.0 Beta3 PHP PHP 5.0.0 Beta2 PHP PHP 5.0.0 Beta1 PHP PHP 5.0.0 PHP 4.4.9 PHP 4.4.8 PHP PHP 4.4.7 PHP PHP 4.4.6 PHP PHP 4.4.5 PHP PHP 4.4.4 PHP PHP 4.4.3 PHP PHP 4.4.2 PHP PHP 4.4.1 PHP PHP 4.4.0 PHP PHP 4.3.11 PHP PHP 4.3.10 PHP PHP 4.3.9 PHP PHP 4.3.8 PHP PHP 4.3.7 PHP PHP 4.3.6 PHP PHP 4.3.5 PHP PHP 4.3.4 PHP PHP 4.3.3 PHP PHP 4.3.2 PHP PHP 4.3.1 PHP PHP 4.3.0 PHP PHP 4.2.3 PHP PHP 4.2.2 PHP PHP 4.2.1 PHP PHP 4.2.0 PHP PHP 4.1.2 PHP PHP 4.1.1 PHP PHP 4.1.0 PHP PHP 4.0.6 PHP PHP 4.0.7 PHP PHP 4.0.5 PHP PHP 4.0.4 PHP PHP 4.0.3 PHP PHP 4.0.2 PHP PHP 4.0.1 PHP PHP 4.0.0 PHP PHP 4.0 Beta 4 Patch Level 1 PHP PHP 4.0 Beta 4 PHP PHP 4.0 Beta 3 PHP PHP 4.0 Beta 2 PHP PHP 4.0 Beta 1 Php Php 4.0 (not an official CPE) PHP PHP 3.0.18 PHP PHP 3.0.17 PHP PHP 3.0.16 PHP PHP 3.0.15 PHP PHP 3.0.14 PHP PHP 3.0.13 PHP PHP 3.0.12 PHP PHP 3.0.11 PHP PHP 3.0.10 PHP PHP 3.0.9 PHP PHP 3.0.8 PHP PHP 3.0.7 PHP PHP 3.0.6 PHP PHP 3.0.5 PHP PHP 3.0.4 PHP PHP 3.0.3 PHP PHP 3.0.2 PHP PHP 3.0.1 PHP PHP 3.0 PHP PHP_FI 2.0b10 PHP PHP_FI 2.0 PHP PHP_FI 1.0 PHP 5.2.17 PHP 5.3.0 PHP 5.3.1 PHP 5.3.2 PHP 5.3.3

Php - Php

Advisory	Patch	Confirmed	Link
			http://bugs.php.net/52941
			[php-general] 20070410 Decoding from unknown charsets (i...
			http://www.php.net/ChangeLog-5.php
			php-iconvmimedecodeheaders-sec-bypass(64963)

CVE-2010-4699

2011-01-18 21:00:10 2018-10-30 17:26:21

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)