The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."

cabview.dll在Cabinet文件浏览器外壳扩展5.1、6.0和6.1中的功能，在Microsoft Windows 2000 SP4、Windows XP SP2和SP3、Windows Server 2003 SP2、Windows Vista Gold、SP1和SP2、Windows Server 2008 Gold、SP2和R2以及Windows 7中，文件哈希值验证功能未正确使用未指定字段，这允许远程攻击者通过修改的Cabinet(即.CAB文件)执行任意代码，即“Cabview损坏验证漏洞”。

NVD 暂无评分

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

NVD 暂无漏洞类别信息

神龙GPT 暂无漏洞类别信息（请耐心等待）