Windows libarchive Remote Code Execution Vulnerability
CVE-2024-20697
Key Information:
- Vendor: Microsoft
- Status
- Vendor
- CVE Published: 9 January 2024
Summary
CVE-2024-20697 is a critical vulnerability in Microsoft Windows that allows remote code execution through an integer overflow in the libarchive library. The vulnerability arises from insufficient bounds checks on the block length of a RARVM filter used for Intel E8 preprocessing in a RAR archive. Successful exploitation could allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Microsoft has released a patch to address this vulnerability, and organizations are advised to apply the patch and implement detection measures to protect against potential exploitation. No known ransomware groups have exploited this vulnerability in the wild.
Affected Version(s)
Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.3007
Windows 11 version 22H3 ARM64-based Systems 10.0.22631.0 < 10.0.22631.3007
Windows 11 Version 23H2 x64-based Systems 10.0.22631.0 < 10.0.22631.3007
News Articles
Zero Day Initiative — CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Jason McFadyen of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in Microsoft Windows. This bug was originally discovered by the Microsoft Offensive Re
EPSS Score
53% chance of being exploited in the next 30 days.
Timeline
- Exploit known to exist
- First article discovered by Zero Day Initiative
- Vulnerability published
- Vulnerability Reserved