0-day Vulnerability In Horde Webmail Email System

Resources
News
0-day Vulnerability In Horde Webmail Email System

We would like to bring your attention to the following 0-day exploit we have recently become aware of.

The Horde Webmail Software has been found to contain a nine year old unpatched security vulnerability. Exploitation of this vulnerability could be used to gain complete access to email accounts simply by previewing an attachment.

Affected Version

5.2.22

The flaw, believed to have been introduced by a code change in November 2012, relates to a stored cross-site scripting flaw (persistent XSS) that allows an attacker to craft an OpenOffice document in such a manner that when it is previewed, it automatically executes an arbitrary JavaScript payload.

The vulnerability triggers when a targeted user views an attached OpenOffice document in the browser. This results in the ability for an attacker to steal all emails the victim has sent and received. If an attacker was successful in targeting an administrator by sending a personalised, malicious email, they could abuse this privileged access to take over the entire webmail server.

Remediation

At this time, there are no patches for Horde webmail that are available, however Horde Webmail users are advised to disable the rendering of OpenOffice attachments by editing the config/mime_drivers.php file to add the ‘disable’ => true configuration option to OpenOffice mime handler.

We are actively monitoring the situation.

References:

SonarSource: https://blog.sonarsource.com/horde-webmail-account-takeover-via-email
The Hacker News: https://thehackernews.com/2022/02/9-year-old-unpatched-email-hacking-bug.html

Close-up of a mechanical keyboard with red-lit keys, symbolizing offensive cybersecurity activity.

The Evolution of EDR Bypasses: A Historical Timeline

The relationship between Endpoint Detection and Response (EDR) solutions and bypass techniques represents one of cybersecurity’s most dynamic battlegrounds. They are a representation of Cybersecurity as…

Billy Giles, Head of Adversary Simulation at CovertSwarm North America, bringing over two decades of offensive cyber operations experience to strengthen constant cyber attack capabilities.

Billy Giles joins CovertSwarm as Head of Adversary Simulation for North America

CovertSwarm proudly welcomes Billy Giles as Head of Adversary Simulation for the North America region, strengthening our offensive cybersecurity capabilities and constant cyber attack subscription services.…

ANATOMY OF A BREACH: INSIDE THE MODERN RETAIL ATTACK

Retail breaches don’t start with ransomware. They start with people. From social engineering to persistent access, attackers exploit the unseen gaps in your defenses. Learn how…