CVE-2005-4080

Horde IMP <= 4.0.4 - Cross-Site Scripting via UTF16 Null Character Handling

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4080. PoCs published by SEC Consult.

AI-analyzed exploit summary This exploit leverages an HTML injection vulnerability in Horde IMP by sending a maliciously crafted email with embedded HTML/JavaScript. The payload is delivered via SMTP using MIME::Lite, targeting users viewing the email in Microsoft Internet Explorer.

Description

Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SEC Consult · perlremotelinux

https://www.exploit-db.com/exploits/26741

View Code ZIP pw:eip

This exploit leverages an HTML injection vulnerability in Horde IMP by sending a maliciously crafted email with embedded HTML/JavaScript. The payload is delivered via SMTP using MIME::Lite, targeting users viewing the email in Microsoft Internet Explorer.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Horde IMP (version not specified)

No auth needed

Prerequisites: SMTP access to the target mail server · Victim uses Microsoft Internet Explorer

MITRE ATT&CK