CVE-2023-36396

CVSS 3.1 Score 7.8 of 10 (high)

Details

Published Nov 14, 2023
Updated: May 29, 2024
CWE ID 41

Summary

CVE-2023-36396 is a remote code execution vulnerability affecting Windows Compressed Folders. An attacker can exploit this weakness by crafting a specially designed cabinet file, which, when opened, allows the attacker to execute arbitrary code on the target system. Successful exploitation of this vulnerability could result in significant security risks, including unauthorized system access, data theft, or further malware infection. Microsoft strongly advises users to install the available patches as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Windows 11 22h2

Affected Vendors

  • Microsoft