1
0
Fork 0
mirror of https://github.com/klezVirus/CVE-2021-40444.git synced 2024-11-24 06:20:46 +00:00

Updated README

This commit is contained in:
d3adc0de 2021-09-16 08:22:46 +01:00
parent 29308f9988
commit 701acf48f9

View file

@ -60,9 +60,10 @@ let's see the most important:
and according to [MS documentation](http://download.microsoft.com/download/4/d/a/4da14f27-b4ef-4170-a6e6-5b1ef85b1baa/[ms-cab].pdf), and according to [MS documentation](http://download.microsoft.com/download/4/d/a/4da14f27-b4ef-4170-a6e6-5b1ef85b1baa/[ms-cab].pdf),
this value can be 0 this value can be 0
**NOTE1**: Defender now detects the CAB file using the `_IMAGE_DOS_HEADER.e_magic` value as a signature, potentially avoiding **NOTE1**: Defender now detects if the CAB file contains a PE by using the `_IMAGE_DOS_HEADER.e_magic` value as a
PE files to be embedded in the CAB. Can this signature be bypassed? As observed before, this is a patched vulnerability, signature, potentially avoiding PE files to be embedded in the CAB. Can this signature be bypassed?
so I'm not planning to release anything more complex than this. Up to the curious reader to develop this further. I'm not sure but, as observed before, this is a patched vulnerability, so I'm not planning to invest much more time
on this. Up to the curious reader to develop this further.
**NOTE2**: Microsoft Patch blocks arbitrary URI schemes, apparently using a blacklist approach (this is just a supposition) **NOTE2**: Microsoft Patch blocks arbitrary URI schemes, apparently using a blacklist approach (this is just a supposition)