PT-2023-20889 · China Mobile · China Mobile Oa Mailbox Pc
Yzlcqx
·
Published
2023-04-10
·
Updated
2025-02-11
·
CVE-2023-26986
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
China Mobile OA Mailbox PC version 2.9.23
Description
An issue in China Mobile OA Mailbox PC allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox.
Recommendations
For China Mobile OA Mailbox PC version 2.9.23, consider avoiding the use of crafted EML files until a patch is available. As a temporary workaround, restrict user interaction with potentially malicious EML files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
China Mobile Oa Mailbox Pc