Disclaimer: [This code is for Educational Purposes , I would Not be responsible for any misuse of this code] Attack type : Remote Patch Status : Unpatched Exploitation : # Author: Usman Saeed # Company: Xc0re Security Research Group # Website: http://www.xc0re.net # Twitter : http://twitter.com/emuess # Original Advisory DATE: [29/01/2014] # Publishing of Exploit Date : [17/02/2014] Description =========== It is possible to inject malicious HTML Elements into the email and cause a Cross site Scripting (XSS) payload to be executed. Tested ICEWARP Client Versions (http://www.icewarp.com/) ============================ Version : 11.0.0.0 (2014-01-25) x64 & 10.3.4 Browser Used ============= Mozilla Firefox 26.0 Proof Of Concept ============ Please find the details about the exploit : http://xc0re.net/blog/?p=363 Proof Of Concept ================= For Version: ICEWARP 11.0.0 >

> >

> Note: For Version: ICEWARP 10.3.4