Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

Microsoft admits that there is an Outlook email vulnerability in Win10/11, and hackers can use WAV audio files to execute code remotely

2024-12-09 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Share

Shulou(Shulou.com)12/24 Report--

CTOnews.com

Both vulnerabilities were discovered by Akamai, a security company that claims Microsoft created more vulnerabilities after fixing CVE-2023 - 23397 in March.

Akamai (the same below) CTOnews.com noted that hackers can exploit CVE-2023 - 35384 vulnerability to send victims a "reminder" email with "notification sound". After receiving the letter, the system will download a specially crafted WAV audio file from the hacker's server.

After the victim receives a specific audio file, the hacker can exploit CVE-2023 - 36710 to trigger an integer overflow vulnerability in the system audio compression manager (ACM) through a specially crafted WAV audio file, thereby remotely executing arbitrary code.

The security firm noted that although Microsoft has fixed the vulnerability, hackers can still find new vulnerabilities from the attack surface and exploit them "because the attack surface of Outlook still exists."

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

IT Information

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report