Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1266 — Evolution vulnerability

7 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

3.9%

top 11.74%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Gnome Evolution

Timeline

PublishedMar 6

Latest updateMay 1

Description

Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attackers to forge the contents of a message without detection.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDgnome/evolution2.8.1

Patches

Patch: www.coresecurity.com ↗Patch: www.coresecurity.com ↗

🔴Vulnerability Details

GHSA

GHSA-hr5c-fh4q-4782: Evolution 2↗2022-05-01

▶

CVEList

CVE-2007-1266: Evolution 2↗2007-03-06

▶

OSV

CVE-2007-1266: Evolution 2↗2007-03-06

▶

💥Exploits & PoCs

Exploit-DB

Gnome Evolution 2.x - GnuPG Arbitrary Content Injection↗2007-03-05

▶

📋Vendor Advisories

Debian

CVE-2007-1266: evolution - Evolution 2.8.1 and earlier does not properly use the --status-fd argument when ...↗2007

▶