Blue Mail Mark-of-the-Web Bypass Vulnerability

Vulnerability

A vulnerability in Blue Mail versions through 1.140.103 allows for the bypass of Windows file protection mechanisms. When using the attachment interaction feature, Blue Mail saves documents without a Mark-of-the-Web tag, leaving users exposed to potential threats.
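A defender-side check for the condition described above, as an added example that is not part of the original advisory: it audits a folder for Office documents whose `Zone.Identifier` alternate data stream is missing or carries a ZoneId below 3 (Internet). The extension list, function names and sample stream text are assumptions made for this example.

```python
import sys
from pathlib import Path

# Extensions treated as Office documents for this audit (assumption; adjust as needed).
OFFICE_EXTS = {".doc", ".docx", ".docm", ".rtf", ".dot", ".dotm", ".xls", ".xlsx", ".xlsm"}
INTERNET_ZONE = 3  # URLZONE_INTERNET; 4 is URLZONE_UNTRUSTED

def parse_zone_id(stream_text):
    """Return the integer ZoneId from Zone.Identifier stream text, or None."""
    in_section = False
    for raw in stream_text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if line.startswith("["):
            in_section = line.lower() == "[zonetransfer]"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "zoneid":
                try:
                    return int(value.strip())
                except ValueError:
                    return None
    return None

def read_motw(path):
    """Read the Zone.Identifier alternate data stream (NTFS on Windows only)."""
    try:
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None  # no stream: the file carries no Mark-of-the-Web

def audit_folder(folder, reader=read_motw):
    """List Office documents under folder that lack an Internet-or-worse ZoneId."""
    unmarked = []
    for path in sorted(Path(folder).rglob("*")):
        if path.is_file() and path.suffix.lower() in OFFICE_EXTS:
            text = reader(path)
            zone = parse_zone_id(text) if text is not None else None
            if zone is None or zone < INTERNET_ZONE:
                unmarked.append((str(path), zone))
    return unmarked

# Constructed sample of the stream text a marked download carries.
SAMPLE_MARKED = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://mail.example.test/a.docx\r\n"

if __name__ == "__main__":
    for path, zone in audit_folder(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"no MotW (ZoneId={zone}): {path}")
```

Run it against the folder where the mail client saves or opens attachments; on a non-NTFS volume every document is reported, because the stream cannot exist there.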

Impact

Exploitation of this vulnerability could lead to remote code execution on the user's system, particularly for those with Microsoft Office Word versions 16 and below.

Reproduction

To reproduce this vulnerability, open a Word document in Blue Mail 1.140.103 or earlier and use the 'Open with' or 'Save as' functions to download an Office Word attachment. This can be done by injecting a malicious RTF object into a Word document via Remote Template Injection, using a known vulnerability in the Office Word equation editor.

Added: Dec 16, 2025, 6:55 PM
Updated: Dec 16, 2025, 6:55 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 0.2
exploitability: 5.8
remediation: 0.0
relevance: 1.4
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.