The Cybersecurity and Infrastructure Security Agency (CISA) has added one Zimbra and three Microsoft vulnerabilities to its Known Exploited Vulnerabilities Catalog based on evidence that cyber criminals are actively exploiting the vulnerabilities.
As noted in Table 1 below, the first vulnerability, the cross-site scripting issue CVE-2022-24682, affects the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1). The issue has been exploited in the wild since December 2021.
By exploiting it, an attacker could place HTML containing executable JavaScript inside element attributes.
| CVE ID | Vulnerability Name |
| --- | --- |
| CVE-2022-24682 | Zimbra Webmail Cross-Site Scripting Vulnerability |
| CVE-2017-8570 | Microsoft Office Remote Code Execution |
| CVE-2017-0222 | Microsoft Internet Explorer Remote Code Execution |
| CVE-2014-6352 | Microsoft Windows Code Injection Vulnerability |
For the second exploited issue, Microsoft patched the Office remote code execution (RCE) vulnerability CVE-2017-8570 in July 2017.
After 2017, leaked versions of Nanocore were widely used by threat actors in their campaigns. In August 2019, researchers from Trend Micro discovered attackers exploiting the critical Microsoft Office remote code execution vulnerability CVE-2017-8570 to download Nanocore in malicious campaigns.
For the third issue, the Internet Explorer memory corruption vulnerability CVE-2017-0222 could result in remote code execution. Microsoft also confirmed exploitation was detected.
The last exploited vulnerability, CVE-2014-6352, could allow a remote actor to execute arbitrary code via a crafted OLE object. This issue has been exploited in the wild since October 2014 with a crafted PowerPoint document and affects many end-of-life operating systems, such as multiple versions of Windows 7, Windows 8, Windows XP, Windows Vista, and Windows Server 2008, among others.