RockLiffe MailSite wconsole.dll Denial of Service/Script Injection Vulnerability
OS2A ID: OS2A_1004 Status
01/06/2006 Issue Discovered
01/06/2006 Reported to the vendor
01/19/2006 Patch Released
01/20/2006 Advisory Released
Class: Denial of Service / Script Injection Severity: CRITICAL
Rockliffe's MailSite is a program for providing access to email
accounts on Microsoft Windows operating systems. MailSite HTTP Mail management
agent could allow a remote attacker to cause a denial of service or
execute arbitrary script code.
1. MailSite HTTP Mail management agent 126.96.36.199 version could allow a remote
attacker cause a denial of service. A bug in the input validation routine
in httpma causes the svchost process to consume more CPU cycles thus
impacting Mailsite HTTP Management agent and ultimately crashing the service.
2. MailSite HTTP Mail management agent 6.x and 5.x could allow a remote
attacker to inject arbitrary script code. This vulnerability is caused
due to a design error in the wconsole.dll. This dll file contains html
code embedded in it which is not properly sanitizing the user-input.
1. Remote attackers can exploit this issue to trigger a denial of service
2. An attacker may leverage this issue to have arbitrary script code
executed in the browser in the context of the affected site.
MailSite 188.8.131.52 and prior
MailSite 6.1.22 and prior
Exploit/Proof of Concept:
For 7.x series
Any special characters passed to the parameters in the wconsole.dll
triggers denial of service.
For 6.x & 5.x series
For 7.x series apply the following patch.