漏洞标题
N/A
漏洞描述信息
cabview.dll在Cabinet文件浏览器外壳扩展5.1、6.0和6.1中的功能,在Microsoft Windows 2000 SP4、Windows XP SP2和SP3、Windows Server 2003 SP2、Windows Vista Gold、SP1和SP2、Windows Server 2008 Gold、SP2和R2以及Windows 7中,文件哈希值验证功能未正确使用未指定字段,这允许远程攻击者通过修改的Cabinet(即.CAB文件)执行任意代码,即“Cabview损坏验证漏洞”。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Microsoft Windows Cabinet File Viewer Cabview动态库'cabview.dll'远程代码执行漏洞
漏洞描述信息
Windows Cabinet File Viewer(cabview.dll)用于查看、打开、浏览和解压cabinet文件和档案。 Microsoft Windows Cabinet File Viewer Cabview动态库'cabview.dll'认证签名验证程序存在远程代码执行漏洞。Windows Cabinet File Viewer在签名和验证cabinet文件时忽略了文件digest的一些字段。匿名攻击者可以通过修改已有的签名cabinet文件以便将签名文件的未验证部分指向恶意代码然后诱骗
CVSS信息
N/A
漏洞类别
授权问题