Описание
Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.
Ссылки
- Third Party Advisory
- Release Notes
Уязвимые конфигурации
EPSS
6.8 Medium
CVSS3
Дефекты
Связанные уязвимости
Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed.
Уязвимость механизма Mark of the Web (MOTW) файлового архиватора WinRAR, позволяющая нарушителю выполнить произвольный код
EPSS
6.8 Medium
CVSS3