{"uuid": "089bbfc3-bf2d-414c-8dce-93f77d6b1381", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28128", "type": "seen", "source": "https://t.me/ShizoPrivacy/216", "content": "|CVE-2022-28128|\nUntrusted search path vulnerability in AttacheCase\nAttacheCase(github)\n\n\ud83e\udda0\u0412 AttacheCase(\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u0434\u043b\u044f \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432) \u0432\u0435\u0440\u0441\u0438\u0438 3.6.1.0 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0445 \u043c\u043e\u0436\u043d\u043e \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c DLL \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e(\u043a \u043f\u0440\u0438\u043c\u0435\u0440\u0443 \u0442\u0440\u043e\u044f\u043d  DLL), \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c \u043d\u0435\u043d\u0430\u0434\u0451\u0436\u043d\u043e\u0433\u043e \u043f\u043e\u0438\u0441\u043a\u0430 \u043f\u0443\u0442\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0437\u0430\u043b\u0430\u0442\u0430\u043d\u0430 \u0438 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e \u044d\u0442\u043e\u0439, \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0430\u044f(AttacheCase3) \u0442\u043e\u0436\u0435 \u043f\u043e\u0444\u0438\u043a\u0448\u0435\u043d\u0430. \u0414\u043b\u044f \u0435\u0451 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043d\u0443\u0436\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\ud83e\udda0In AttacheCase(file encryption software) version 3.6.1.0 and earlier, it is possible to load the DLL insecurely (for example, a Trojan DLL), through an unreliable search path and get privileges to execute malicious code.\nThe vulnerability was patched up and thanks to the elimination of this, the previous one (AttacheCase3) is also fixed. To fix it, you just need to upgrade to the latest version.\n\n#cve", "creation_timestamp": "2022-03-31T22:26:04.000000Z"}