
Updated README

master
d3adc0de 8 months ago
parent
commit
701acf48f9
  1. 7
      README.md


@ -60,9 +60,10 @@ let's see the most important: @@ -60,9 +60,10 @@ let's see the most important:
and according to [MS documentation](http://download.microsoft.com/download/4/d/a/4da14f27-b4ef-4170-a6e6-5b1ef85b1baa/[ms-cab].pdf),
this value can be 0
**NOTE1**: Defender now detects the CAB file using the `_IMAGE_DOS_HEADER.e_magic` value as a signature, potentially avoiding
PE files to be embedded in the CAB. Can this signature be bypassed? As observed before, this is a patched vulnerability,
so I'm not planning to release anything more complex than this. Up to the curious reader to develop this further.
**NOTE1**: Defender now detects if the CAB file contains a PE by using the `_IMAGE_DOS_HEADER.e_magic` value as a
signature, potentially avoiding PE files to be embedded in the CAB. Can this signature be bypassed?
I'm not sure but, as observed before, this is a patched vulnerability, so I'm not planning to invest much more time
on this. Up to the curious reader to develop this further.
**NOTE2**: Microsoft Patch blocks arbitrary URI schemes, apparently using a blacklist approach (this is just a supposition)
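Review bot: The reworded NOTE1 keeps the phrase "potentially avoiding PE files to be embedded in the CAB", which does not say who avoids what; "which may prevent PE files from being embedded in the CAB" states it directly. The statement that Defender uses `_IMAGE_DOS_HEADER.e_magic` as the signature is also given without a Defender version, a test date, or how it was observed, and the added "I'm not sure" attaches to the bypass question rather than to that statement, so a reader cannot tell how firm the detection claim is. NOTE2 already marks its own guess with "this is just a supposition"; giving NOTE1 the same kind of qualifier, or the observation behind it, would keep the two notes consistent.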
