CVE ID | CVE-2018-10497 |
CVSS SCORE | 4.4, AV:L/AC:M/Au:N/C:P/I:P/A:P |
AFFECTED VENDORS |
Samsung |
AFFECTED PRODUCTS |
Email |
VULNERABILITY DETAILS |
The specific flaw exists within the handling of EML files. The issue results from the lack of proper validation of user-supplied data, which can allow arbitrary JavaScript to execute. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. |
ADDITIONAL DETAILS |
|
DISCLOSURE TIMELINE |
|
CREDIT | Tencent Keen Security Lab |