CISA warns of Windows and UnRAR flaws exploited in the wild
2022-08-09 23:07

The U.S. Cybersecurity and Infrastructure Security Agency has added two more flaws to its catalog of Known Exploited Vulnerabilities, based on evidence of active exploitation.

Officially tracked as CVE-2022-34713 and informally referred to as DogWalk, the security flaw in MSDT allows an attacker to place a malicious executable into the Windows Startup folder.

In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.

In a web-based attack scenario, an attacker could host a website containing a specially crafted file designed to exploit the vulnerability.

Microsoft notes that the issue has been exploited in attacks.

The second vulnerability added to CISA's Known Exploited Vulnerabilities Catalog is tracked as CVE-2022-30333 and is a path traversal bug in the UnRAR utility for Linux and Unix systems.


News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-of-windows-and-unrar-flaws-exploited-in-the-wild/

Related Vulnerability

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-08-09 | CVE-2022-34713 | Unspecified vulnerability in Microsoft products | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | local | low complexity | microsoft | | 7.8 |
| 2022-05-09 | CVE-2022-30333 | Path Traversal vulnerability in multiple products | RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. | network | low complexity | rarlab, debian | CWE-22 | 7.5 |