MS.Windows.Libarchive.execute_filter_e8.Integer.Overflow
Description
This indicates an attempt to exploit an integer overflow vulnerability in Microsoft Windows.
The vulnerability is due to insufficient bounds checks on the block length of a RARVM filter used for Intel E8 preprocessing, included in the compressed data of a RAR archive. A remote attacker could exploit this vulnerability by enticing a target user into extracting a crafted RAR archive. Successful exploitation could result in arbitrary code execution in the context of the application using the vulnerable library.
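The bounds checks the description refers to can be sketched as follows. This is an added example, not code from libarchive, Microsoft or this advisory. It assumes an E8 filter whose loop bound is derived from the archive-supplied block length, and the names `e8_filter_checked`, `WORK_SIZE` and `sample` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

#define WORK_SIZE   0x40000u    /* assumed capacity of the filter work buffer */
#define E8_FILESIZE 0x1000000u  /* virtual file size used by the E8 transform */

/* Constructed sample block: CALL rel32 (0xE8 + 0x00000100) followed by NOPs. */
uint8_t sample[8] = {0xE8, 0x00, 0x01, 0x00, 0x00, 0x90, 0x90, 0x90};

uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Applies the E8 address fix-up in place. Returns 1 on success, 0 when the
 * attacker-controlled block length is rejected. */
int e8_filter_checked(uint8_t *mem, size_t mem_size, uint32_t length, uint32_t pos)
{
    /* Upper bound: the block must fit in the buffer we actually own. */
    if (length > WORK_SIZE || length > mem_size)
        return 0;
    /* Lower bound: one E8 site is 5 bytes (opcode + rel32). If length < 5,
     * the unsigned expression `length - 5` wraps to about 4 billion, so a
     * loop bounded by it would run far past the end of the buffer. */
    if (length < 5)
        return 0;

    /* `i + 5 <= length` cannot wrap because length <= WORK_SIZE, and it
     * keeps every 4-byte read and write inside the block. */
    for (uint32_t i = 0; i + 5 <= length; i++) {
        if (mem[i] != 0xE8)
            continue;
        uint32_t cur = pos + i + 1;               /* position of the operand */
        int32_t addr = (int32_t)rd32(mem + i + 1);
        if (addr < 0) {
            if ((int64_t)addr + cur >= 0)
                wr32(mem + i + 1, (uint32_t)addr + E8_FILESIZE);
        } else if ((uint32_t)addr < E8_FILESIZE) {
            wr32(mem + i + 1, (uint32_t)addr - cur);
        }
        i += 4;                                   /* skip the rewritten operand */
    }
    return 1;
}
```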
Affected Products
Microsoft Windows 11 Version 22H2
Microsoft Windows 11 Version 23H2
Microsoft Windows Server 2022, 23H2 Edition
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697
Coverage
IPS (Regular DB)
IPS (Extended DB)