Microsoft has just released a patch for the ZIP MOTW vulnerability, assigned CVE-2022-41091.

I am happy to be able to finally drop my bug analysis write-up! 🔥🐜

Enjoy and happy patching!
https://breakdev.org/zip-motw-bug-analysis/

Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)

Windows ZIP extraction bug (CVE-2022-41049) lets attackers craft ZIP files that evade warnings on attempts to execute the packaged files, even if the ZIP file was downloaded from the Internet.

BREAKDEV
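The link card above summarises the bug at one sentence: Explorer is supposed to copy the Mark-of-the-Web (the `Zone.Identifier` alternate data stream, `ZoneId=3` for the Internet zone) from a downloaded ZIP onto every file it extracts, and a crafted archive can stop that from happening. The script below is an added example, not code from the original thread or from the breakdev write-up; it does not craft such an archive. It extracts a ZIP through the `Shell.Application` COM object (the Explorer zip folder handler, rather than `Expand-Archive`, which is a separate .NET code path) and then reports which extracted files carry MOTW and which do not. The `$ZipPath` and `$ExtractDir` defaults are assumptions; point them at a ZIP you actually downloaded.

```powershell
# Added example: check whether Mark-of-the-Web survives Explorer ZIP extraction.
# Paths below are assumptions for illustration.
param(
    [string]$ZipPath    = "$env:USERPROFILE\Downloads\sample.zip",
    [string]$ExtractDir = "$env:TEMP\motw-check"
)

function Get-Motw {
    param([string]$Path)
    # MOTW lives in the Zone.Identifier NTFS alternate data stream.
    # ZoneId=3 means the file came from the Internet zone.
    $ads = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $ads) { return $null }
    ($ads | Where-Object { $_ -match '^ZoneId=' }) -replace '^ZoneId=', ''
}

$zipZone = Get-Motw $ZipPath
if ($zipZone -ne '3') {
    Write-Warning "ZIP itself carries no Internet MOTW (ZoneId=$zipZone); nothing to propagate, so this test proves nothing."
}

# Extract via the Explorer zip folder handler, the code path the bug concerns.
New-Item -ItemType Directory -Force -Path $ExtractDir | Out-Null
$shell = New-Object -ComObject Shell.Application
$zip   = $shell.NameSpace((Resolve-Path $ZipPath).Path)
$dest  = $shell.NameSpace((Resolve-Path $ExtractDir).Path)
$expected = $zip.Items().Count
$dest.CopyHere($zip.Items(), 0x14)   # 0x14 = no progress dialog, overwrite silently

# CopyHere is asynchronous; wait (with a timeout) until the top-level items have landed.
$deadline = (Get-Date).AddSeconds(30)
while ((Get-ChildItem -Path $ExtractDir).Count -lt $expected -and (Get-Date) -lt $deadline) {
    Start-Sleep -Milliseconds 200
}

# Every extracted file should show ZoneId=3; a 'MISSING' row means MOTW was lost,
# and Windows will run that file without the usual SmartScreen / Protected View warning.
Get-ChildItem -Path $ExtractDir -Recurse -File | ForEach-Object {
    $zone = Get-Motw $_.FullName
    [pscustomobject]@{
        File   = $_.FullName
        ZoneId = if ($zone) { $zone } else { '(none)' }
        MOTW   = if ($zone -eq '3') { 'propagated' } else { 'MISSING' }
    }
} | Format-Table -AutoSize
```

Run it once against an ordinary downloaded ZIP to see every row marked `propagated`, then against the sample you are investigating; on an unpatched machine the bug shows up as `MISSING` rows even though the archive itself is marked `ZoneId=3`.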
@mrgretzky great write up Kuba! Interesting to see your approach to RE the bug 🐛🔥

@buffaloverflow Thanks Rich! I honestly thought it would be something more complex, but couldn't back out later 😜

Next time I promise more l33t haxxx 😀

@mrgretzky @buffaloverflow I really like what you tried and why it didn't work, even more than the hax - helps us all learn, thanks
@Kempley @buffaloverflow Thanks! That was the goal, so glad it worked 😜
@mrgretzky that is a cool write up, love the paths you took as well!

@xpn Thanks a lot! ❤️ Even though 80% of the whole post consists of taking the wrong approaches, I think it is best to always see the process, which is sometimes so hard to document.

I took a lot of inspiration from your old macOS RE posts, as these had a similar vibe 😀

@mrgretzky Your blog writeups are always awesome. Learning a lot from you.
@an0nud4y Thanks man! Much appreciated 😀🍻
@mrgretzky nice work! I also love that you shared your analytical process, including jumping into IDA too soon. I have done this very thing.
@CurtWilson Thanks Curt! Glad you liked it! I think more people need to write about failed attempts and not only about success stories, so that we can all learn from them 😀