Security Bulletin 24931936

Manipulation of ZEDMAIL technical files can allow an elevation of privilege

High

Security Bulletin 24931936
CVE-2024-46462 11/12/2024 (ZEDMAIL)

Manipulation of ZEDMAIL technical files can allow an elevation of privilege.

SUMMARY

Technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege.

CVSS SCORE: BASE 7.8 HIGH

  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges required (PR): None (N)
  • User interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): High (H)

DETAILS

AFFECTED PRODUCTS AND VERSIONS

All versions of ZEDMAIL Windows

SOLUTIONS AND RECOMMENDATIONS

Correcting this vulnerability requires a configuration change (security policies).
Details are provided in the customer space.

ACKNOWLEDGEMENTS

Nicolas RODRIGUES from OPPIDA Evaluation Center.