CVE-2023-36396

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 14, 2023

Updated: May 29, 2024

CWE ID 41

Summary

CVE-2023-36396 is a remote code execution vulnerability affecting Windows Compressed Folders. An attacker can exploit this weakness by crafting a specially designed cabinet file, which, when opened, allows the attacker to execute arbitrary code on the target system. Successful exploitation of this vulnerability could result in significant security risks, including unauthorized system access, data theft, or further malware infection. Microsoft strongly advises users to install the available patches as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Microsoft Windows 11 22h2

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tZ7HoH
https://www.cve.org/CVERecord?id=CVE-2023-36396
https://nvd.nist.gov/vuln/detail/CVE-2023-36396

Back to Vulnerability Database