Security Vulnerability
Rit Research Labs The Bat! Insecure Default User Directory Access Permissions Vulnerability

Published: 2003-10-25
Updated: 2003-10-30

Affected systems:
Rit Research Labs The Bat! 2.01
Rit Research Labs The Bat! 2.0
Rit Research Labs The Bat! 1.52
Rit Research Labs The Bat! 1.51
Rit Research Labs The Bat! 1.5
Rit Research Labs The Bat! 1.49
Rit Research Labs The Bat! 1.48
Rit Research Labs The Bat! 1.47
Rit Research Labs The Bat! 1.46
Rit Research Labs The Bat! 1.45
Rit Research Labs The Bat! 1.44
Rit Research Labs The Bat! 1.43
Rit Research Labs The Bat! 1.42f
Rit Research Labs The Bat! 1.42
Rit Research Labs The Bat! 1.41
Rit Research Labs The Bat! 1.39
Rit Research Labs The Bat! 1.36
Rit Research Labs The Bat! 1.35
Rit Research Labs The Bat! 1.34
Rit Research Labs The Bat! 1.33
Rit Research Labs The Bat! 1.32
Rit Research Labs The Bat! 1.31
Rit Research Labs The Bat! 1.22
Rit Research Labs The Bat! 1.21
Rit Research Labs The Bat! 1.19
Rit Research Labs The Bat! 1.18
Rit Research Labs The Bat! 1.17
Rit Research Labs The Bat! 1.15
Rit Research Labs The Bat! 1.14
Rit Research Labs The Bat! 1.101
Rit Research Labs The Bat! 1.1
Rit Research Labs The Bat! 1.043
Rit Research Labs The Bat! 1.041
Rit Research Labs The Bat! 1.039
Rit Research Labs The Bat! 1.037
Rit Research Labs The Bat! 1.036
Rit Research Labs The Bat! 1.035
Rit Research Labs The Bat! 1.032
Rit Research Labs The Bat! 1.031
Rit Research Labs The Bat! 1.029
Rit Research Labs The Bat! 1.028
Rit Research Labs The Bat! 1.015
Rit Research Labs The Bat! 1.011
Rit Research Labs The Bat! 1.53d
    - Microsoft Windows XP Home
    - Microsoft Windows NT 4.0 SP6a
    - Microsoft Windows NT 4.0 SP6
    - Microsoft Windows NT 4.0 SP5
    - Microsoft Windows NT 4.0 SP4
    - Microsoft Windows NT 4.0 SP3
    - Microsoft Windows NT 4.0 SP2
    - Microsoft Windows NT 4.0 SP1
    - Microsoft Windows NT 4.0
    - Microsoft Windows ME
    - Microsoft Windows 98
    - Microsoft Windows 95
    - Microsoft Windows 2000 Professional SP2
    - Microsoft Windows 2000 Professional SP1
    - Microsoft Windows 2000 Professional
Description:
BUGTRAQ  ID: 8891
CVE(CAN) ID: CVE-2003-1133

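'The Bat!' is an easy-to-configure mail client that is convenient for multi-user use.

'The Bat!' creates user directories with insecure default access permissions. A local attacker can exploit this vulnerability to gain unauthorized access to other users' sensitive information.

When a new account is created in 'The Bat!', the directory created under %programfiledir%\TheBat!\MAIL\ has no permission restrictions at all. Even the GUEST user can read the "MESSAGES.TBB" and "MESSAGES.TBI" files, and the contents of both files are stored in plaintext. An attacker can use this information to obtain users' sensitive information.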

<*Source: Bipin Gautam hUNT3R (door_hunt3r@blackcodemail.com)
  
  Link: http://marc.theaimsgroup.com/?l=bugtraq&m=106727307229465&w=2
*>
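
A defender-side check for the condition described above, as an added example that is not part of the original advisory or of any vendor code: this PowerShell script lists Allow ACEs that give broad groups read access to the MAIL directory tree and to the MESSAGES.TBB / MESSAGES.TBI files on an NTFS volume. The default `$MailRoot` (built from `$env:ProgramFiles`) and the function name `Get-BroadReadAce` are assumptions; pass the real installation path.

```powershell
# Added example (not vendor code): audit a The Bat! MAIL directory for
# message-base files readable by broad principals.
# $MailRoot default is an assumption; supply the actual install path.
param(
    [string]$MailRoot = (Join-Path $env:ProgramFiles 'TheBat!\MAIL')
)

# Well-known SIDs, used instead of names so the check works on localized Windows
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-546' = 'BUILTIN\Guests'
}
$readMask    = [System.Security.AccessControl.FileSystemRights]::ReadData
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-BroadReadAce {
    param([string]$Path)
    $acl   = Get-Acl -LiteralPath $Path
    # Explicit and inherited rules, with identities returned as SIDs
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    foreach ($r in $rules) {
        $sid = $r.IdentityReference.Value
        # Skip inherit-only ACEs: they do not apply to the object itself
        if ($r.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($sid) -and
            -not ($r.PropagationFlags -band $inheritOnly) -and
            ($r.FileSystemRights -band $readMask)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $broadSids[$sid]
                Rights    = $r.FileSystemRights
                Inherited = $r.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $MailRoot)) {
    Write-Warning "Not found: $MailRoot"; return
}
# Account directories plus the two message-base files named in the advisory
$targets = @(Get-Item -LiteralPath $MailRoot) +
    @(Get-ChildItem -LiteralPath $MailRoot -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -or ($_.Name -in 'MESSAGES.TBB', 'MESSAGES.TBI') })
$targets | ForEach-Object { Get-BroadReadAce -Path $_.FullName } | Format-Table -AutoSize
```

Any row in the output is a directory or message-base file that a non-owner group can read; an empty result means none of the listed groups has an applicable read ACE.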

Recommendation:
Vendor patch:

Rit Research Labs
-----------------
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

http://www.ritlabs.com/the_bat/

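This security vulnerability entry was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.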