CVE-2024-38165

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 13, 2024
Updated: Aug 16, 2024
CWE ID 73

Summary

CVE-2024-38165 is a newly discovered vulnerability affecting Windows Compressed Folder. An attacker can manipulate compressed files in such a way that, when opened, malicious code is executed on the victim's system. The vulnerability allows for tampering with compressed files, potentially leading to code injection and unauthorized system access. This issue poses a significant risk to organizations and individuals using the affected software, as it can be exploited through specially crafted compressed files sent via email or downloaded from the internet. Microsoft is working on a patch to address this vulnerability, and it is recommended that users apply it as soon as it becomes available.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Windows 11 22h2
  • Microsoft Windows 11 23h2

Affected Vendors

  • Microsoft