mirror of https://github.com/klezVirus/CVE-2021-40444.git synced 2024-11-24 06:20:46 +00:00

Updated README

d3adc0de 2021-09-16 08:22:46 +01:00
parent 29308f9988
commit 701acf48f9


@ -60,9 +60,10 @@ let's see the most important:
and according to [MS documentation](http://download.microsoft.com/download/4/d/a/4da14f27-b4ef-4170-a6e6-5b1ef85b1baa/[ms-cab].pdf),
this value can be 0
**NOTE1**: Defender now detects the CAB file using the `_IMAGE_DOS_HEADER.e_magic` value as a signature, potentially avoiding
PE files to be embedded in the CAB. Can this signature be bypassed? As observed before, this is a patched vulnerability,
so I'm not planning to release anything more complex than this. Up to the curious reader to develop this further.
**NOTE1**: Defender now detects if the CAB file contains a PE by using the `_IMAGE_DOS_HEADER.e_magic` value as a
signature, potentially avoiding PE files to be embedded in the CAB. Can this signature be bypassed?
I'm not sure but, as observed before, this is a patched vulnerability, so I'm not planning to invest much more time
on this. Up to the curious reader to develop this further.
**NOTE2**: Microsoft Patch blocks arbitrary URI schemes, apparently using a blacklist approach (this is just a supposition)
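Review bot: The reworded NOTE1 still says "potentially avoiding PE files to be embedded in the CAB", which reads as if the signature stops a PE from being embedded, while the first half of the same sentence says Defender detects a CAB that contains a PE. Suggest wording it as a detection outcome, for example "so a CAB that embeds a PE is likely to be flagged". The new "I'm not sure but" and NOTE2's "(this is just a supposition)" both mark unverified observations; stating the Defender and patch level they were observed against would let readers judge how current they are.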