关联漏洞
标题:Microsoft Windows Libarchive 安全漏洞 (CVE-2024-20696)Description:libarchive是一款多格式存档和压缩库。 Microsoft Windows Libarchive存在安全漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Se
介绍
# libarchive-harness-win - CVE-2024-20696
Blog post: https://clearbluejar.github.io/posts/patch-tuesday-diffing-cve-2024-20696-windows-libarchive-rce/
A simple test harness for CVE-2024-20696
1. Download a version of archiveint.dll that you want to test
2. Update the path [here](libarchive-harness-win.cpp#94)
3. Update the file path to point to the test archive to process. A sample one [bsdtar-invalid-read.rar](bsdtar-invalid-read.rar)
文件快照
[4.0K] /data/pocs/f8c462f5ff19d6d45bda0c65be9e08a0a317b0b4
├── [ 53K] archive.h
├── [ 63] bsdtar-invalid-read.rar
├── [6.2K] libarchive-harness-win.cpp
├── [1.4K] libarchive-harness-win.sln
├── [6.4K] libarchive-harness-win.vcxproj
├── [1.1K] libarchive-harness-win.vcxproj.filters
├── [1.0K] LICENSE.txt
└── [ 443] README.md
0 directories, 8 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。