[thermos]

"This vulnerability (CVSS SCORE 7.0) allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user."

Hidden Content

You must register or login to view this content.

[ShareluckHomies]

okey, lets see....

[eynariver]

"This vulnerability (CVSS SCORE 7.0) allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user."

12345667899755675

[ezizlitakarev]

thanks thermos for this warm code )

[0asdasdasd]

User interaction is required for this exploit to work.
Thanxx

This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Leeching | http://breached26tezcofqla4adzyn22notfqw...an-Appeals if you feel this is incorrect.

[s0u1_cake]

This sounds very promising. Especially if think about the watering hole attack

[Incognitox64]

thanks for the vulnerability w post

[bcxc]

Thank you so much for sharing.

[abir604]

I want to study the poc code, thanks.

[bintNas]

thanks for posting