The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked "safe for scripting," which allows remote attackers to add arbitrary e-mail addresses and domains to the spam blocker whitelist via the (1) AddSenderToWhitelist and (2) AddDomainToWhitelist functions.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00548
Percentile: 0.66884

CVSS Scoring

Affected Products

• cpe:2.3:a:earthlink:total_access:*:*:*:*:*:*:*:*

← Back to Home