bouncethebox

(-(-_(-_-)_-)-)

Menu
  • CISA / US-CERT / ICS-CERT
  • cod
Menu

M365 Team Discovers Phishing Email Pushing WinRAR Exploit

Posted on February 3, 2023February 4, 2023 by Bill Beehner

SOURCE: otx.alienvault.com | Created: 2 years ago | Updated: 2 months ago

CVE Overview: In WinRAR versions prior to and including 5.61, There is path traversal vulnerability when crafting the filename field of the ACE format (in UNACEV2.dll). When the filename field is manipulated with specific patterns, the destination (extraction) folder is ignored, thus treating the filename as an absolute path.

REF URL: https://otx.alienvault.com/indicator/cve/CVE-2018-20250

═╬══ archives ════►

  • February 2023
  • October 2022
  • December 2020
  • April 2020

═╬══ categories ════►

  • Microsoft 365
  • Microsoft 365 Defender
  • Microsoft 365 Security
  • Microsoft Teams
  • OneDrive for Business

©2023 bouncethebox