Cybozu Office CVE-2016-4868 Email Header Injection Vulnerability

Cybozu Office is prone to an email-header-injection vulnerability.

An attacker can exploit this issue to modify the content and perform unauthorized actions.

Cybozu Office 9.0.0 through 10.4.0 are vulnerable.

Information

Bugtraq ID: 97713
Class: Input Validation Error
CVE: CVE-2016-4868

Remote: Yes
Local: No
Published: Apr 17 2017 12:00AM
Updated: Apr 18 2017 09:08PM
Credit: The vendor reported this issue.
Vulnerable: Cybozu Office 10.3
Cybozu Office 10.2
Cybozu Office 10.0.1
Cybozu Office 9.9
Cybozu Office 9.3
Cybozu Office 9.0
Cybozu Office 9.3.1
Cybozu Office 10.4.0
Cybozu Office 10.0.2
Cybozu Office 10

Not Vulnerable: Cybozu Office 10.5

References:

• Cybozu Home Page (Cybozu)
  
• [CyVDB-809] Mail header injection vulnerability (Cybozu)
  
• Cybozu Office vulnerable to mail header injection (JPCERT)
  
• JVNDB-2016-000190 Cybozu Office vulnerable to mail header injection (JPCERT)
  

Source: www.securityfocus.com