Windows libarchive Remote Code Execution Vulnerability

Summary

CVE-2024-20697 is a critical vulnerability in Microsoft Windows that allows for remote code execution due to an integer overflow vulnerability in the Libarchive library. The vulnerability arises from insufficient bounds checks on the block length of a RARVM filter used for Intel E8 preprocessing in a RAR archive. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the application using the vulnerable library. Microsoft has released a patch to address this vulnerability, and organizations are advised to apply the patch and implement detection measures to protect against potential exploitation. No known ransomware groups have exploited this vulnerability in the wild.

News Articles

Zero Day Initiative

CVE-2024-20697

Zero Day Initiative — CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability

In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Jason McFadyen of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in Microsoft Windows. This bug was originally discovered by the Microsoft Offensive Re

7 months ago