Baltimore Technologies MAILsweeper for SMTP is a commercial application for filtering e-mail content at the gateway level. MAILsweeper does not adequately filter script code from HTML-enabled e-mail. The filter can be bypassed by using HTML-encoded characters. Adding an additional "<" to the beginning of an HTML tag that includes script code is also sufficient to bypass the script filter. Successful exploitation may allow malicious code to be executed on client systems receiving HTML e-mail: because the malicious e-mail is not filtered at the gateway, it may affect users within an organization that relies on MAILsweeper to filter e-mail content.
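The following added example is not from the advisory or from the vendor. It contrasts a raw-text tag check with a check that inspects the markup only after tolerant parsing and character-reference decoding. `naive_filter` is a hypothetical stand-in, not MAILsweeper's actual logic, and reading "HTML-encoded characters" as character references inside an attribute value is an assumption; the sample bodies are constructed.

```python
import re
from html.parser import HTMLParser

def naive_filter(body):
    """Hypothetical raw-text check: compares each "<...>" span to a blocklist."""
    for tag in re.findall(r'<([^>]*)>', body):
        parts = tag.split()
        name = parts[0].lower() if parts else ''
        if name == 'script' or 'javascript:' in tag.lower():
            return True
    return False

class ScriptFinder(HTMLParser):
    """Inspects markup after tolerant parsing and character-reference decoding."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == 'script':
            self.findings.append('script element')
        for name, value in attrs:
            # The parser has already decoded &#NN; / &name; in attribute values.
            compact = re.sub(r'[\x00-\x20]', '', value or '').lower()
            if name.startswith('on'):
                self.findings.append('event handler ' + name)
            elif compact.startswith(('javascript:', 'vbscript:')):
                self.findings.append('script URL in ' + name)

def parsed_filter(body):
    finder = ScriptFinder()
    finder.feed(body)
    finder.close()
    return finder.findings

# Constructed sample bodies (not taken from a real message).
SAMPLES = {
    'plain': '<script>/* constructed */</script>',
    'extra_lt': '<<script>/* constructed */</script>',
    'encoded': '<a href="&#106;avascript:void(0)">x</a>',
    'benign': '<p>1 &lt; 2</p>',
}

if __name__ == '__main__':
    for label, body in SAMPLES.items():
        print(label, naive_filter(body), parsed_filter(body))
```

A gateway check of this kind only helps if its parser is at least as tolerant of malformed markup as the mail clients behind it.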