CVE-2024-46462
📋 TL;DR
This vulnerability allows unauthorized users to access dedicated ZEDMAIL folders on Windows systems, potentially enabling privilege escalation by misusing technical files. It affects ZEDMAIL for Windows installations with default configurations up to version 2024.3. Organizations using ZEDMAIL on multi-user Windows systems are at risk.
💻 Affected Systems
- ZEDMAIL for Windows
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could execute arbitrary code with elevated privileges, potentially gaining full system control, accessing sensitive data, or installing persistent malware.
Likely Case
Unauthorized users accessing and modifying ZEDMAIL configuration files to gain elevated privileges for specific ZEDMAIL-related operations.
If Mitigated
Limited impact with proper folder permissions and configuration hardening, restricting access to authorized users only.
🎯 Exploit Status
Exploitation requires local access to the Windows system. The vulnerability is in folder permissions, making exploitation straightforward for users with local access.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2024.4 or later
Vendor Advisory: https://www.primx.eu/en/bulletins/security-bulletin-24931936/
Restart Required: Yes
Instructions:
1. Download ZEDMAIL version 2024.4 or later from the official vendor site.
2. Run the installer to upgrade.
3. Restart the system to apply changes.
4. Verify folder permissions are properly configured post-upgrade.
🔧 Temporary Workarounds
Restrict ZEDMAIL Folder Permissions
Windows: Manually adjust folder permissions to restrict access to authorized users only.
icacls "C:\Program Files\ZEDMAIL\dedicated_folders" /inheritance:r /grant:r "DOMAIN\AuthorizedUser:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F"
icacls "C:\ProgramData\ZEDMAIL\dedicated_folders" /inheritance:r /grant:r "DOMAIN\AuthorizedUser:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F"
🧯 If You Can't Patch
- Implement strict access controls on ZEDMAIL folders using Windows permissions to allow only authorized users.
- Monitor access to ZEDMAIL folders and audit permission changes regularly.
🔍 How to Verify
Check if Vulnerable:
Check ZEDMAIL version via Help > About in the application. If version is 2024.3 or earlier, the system is vulnerable. Also verify folder permissions on dedicated ZEDMAIL folders.
Check Version:
In ZEDMAIL, navigate to Help > About to view version. Alternatively, check file properties of ZEDMAIL executable.
Verify Fix Applied:
Confirm ZEDMAIL version is 2024.4 or later and verify dedicated folders have restricted permissions (only SYSTEM and authorized users have full control).
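The permission check described above can be scripted. The following is an added example, not code from the vendor or from this page's source: it lists every Allow entry on the ZEDMAIL folders that grants write-capable rights to an identity outside an allow-list. The folder paths and DOMAIN\AuthorizedUser are taken from the workaround commands on this page; the allow-list contents and the function name Get-ZedmailAclFinding are assumptions to adapt to your environment.

```powershell
# Added example, not vendor code. Paths are the ones used in this page's
# icacls workaround; $Allowed is an assumed allow-list for your environment.
$Paths = @(
    'C:\Program Files\ZEDMAIL\dedicated_folders',
    'C:\ProgramData\ZEDMAIL\dedicated_folders'
)
$Allowed = @('NT AUTHORITY\SYSTEM', 'DOMAIN\AuthorizedUser')

# Rights that let a principal create, alter, delete or re-permission content.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Unmapped generic bits that Get-Acl can report on inherit-only ACEs:
# GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000).
$GenericMask = 0x10000000 -bor 0x40000000

function Get-ZedmailAclFinding {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [Parameter(Mandatory)][string[]]$AllowedIdentity
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Not found, skipped: $p"
            continue
        }
        foreach ($ace in (Get-Acl -LiteralPath $p).Access) {
            # Deny entries and allow-listed identities are not findings.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($AllowedIdentity -contains $ace.IdentityReference.Value) { continue }

            $rights = [int]$ace.FileSystemRights
            if (($rights -band $WriteMask) -or ($rights -band $GenericMask)) {
                [pscustomobject]@{
                    Path      = $p
                    Identity  = $ace.IdentityReference.Value
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

$findings = @(Get-ZedmailAclFinding -Path $Paths -AllowedIdentity $Allowed)
if ($findings.Count -eq 0) {
    'No unexpected write-capable ACEs found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Entries for groups such as BUILTIN\Users or Authenticated Users in the output are the ones to investigate first; add any identity you intentionally keep (for example an administrators group) to the allow-list before treating the result as clean.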
📡 Detection & Monitoring
Log Indicators:
- Windows Security logs showing unauthorized access attempts to ZEDMAIL folders
- ZEDMAIL application logs showing unexpected configuration changes
Network Indicators:
- No direct network indicators as this is a local privilege escalation vulnerability
SIEM Query:
(EventID=4663 AND ObjectName LIKE '%ZEDMAIL%' AND AccessMask=0x100) OR (EventID=4656 AND ObjectName LIKE '%ZEDMAIL%')