Kuba GretzkyNov 8, 2022

Microsoft has just released a patch for ZIP MOTW vulnerability assigned as CVE-2022-41091.

I am happy to be able to finally drop my bug analysis write-up! 🔥🐜​

Enjoy and happy patching!
https://breakdev.org/zip-motw-bug-analysis/

Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)

Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files, which evade warnings on attempts to execute packaged files, even if ZIP file was downloaded from the Internet.

BREAKDEV
Show threadRich Warren
@mrgretzky great write up Kuba! Interesting to see your approach to RE the bug 🐛🔥
Nov 8, 2022 at 8:30pmWeb
Show threadKuba GretzkyNov 8, 2022

@buffaloverflow Thanks Rich! I honestly thought it would be something more complex, but couldn't back out later 😜​

Next time I promise more l33t haxxx 😀​

Show threadRussellNov 9, 2022
@mrgretzky @buffaloverflow really like the what you tried and why it didn't work even more than the hax - helps us all learn, thanks
Show threadKuba GretzkyNov 9, 2022
@Kempley @buffaloverflow Thanks! That was the goal, so glad it worked 😜​