{"vulnerability": "CVE-2022-28128", "sightings": [{"uuid": "089bbfc3-bf2d-414c-8dce-93f77d6b1381", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28128", "type": "seen", "source": "https://t.me/ShizoPrivacy/216", "content": "|CVE-2022-28128|\nUntrusted search path vulnerability in AttacheCase\nAttacheCase(github)\n\n\ud83e\udda0\u0412 AttacheCase(\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0430 \u0434\u043b\u044f \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0444\u0430\u0439\u043b\u043e\u0432) \u0432\u0435\u0440\u0441\u0438\u0438 3.6.1.0 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0445 \u043c\u043e\u0436\u043d\u043e \u0437\u0430\u0433\u0440\u0443\u0436\u0430\u0442\u044c DLL \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e(\u043a \u043f\u0440\u0438\u043c\u0435\u0440\u0443 \u0442\u0440\u043e\u044f\u043d  DLL), \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c \u043d\u0435\u043d\u0430\u0434\u0451\u0436\u043d\u043e\u0433\u043e \u043f\u043e\u0438\u0441\u043a\u0430 \u043f\u0443\u0442\u0438 \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043b\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044f \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430.\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0437\u0430\u043b\u0430\u0442\u0430\u043d\u0430 \u0438 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e \u044d\u0442\u043e\u0439, \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0430\u044f(AttacheCase3) \u0442\u043e\u0436\u0435 \u043f\u043e\u0444\u0438\u043a\u0448\u0435\u043d\u0430. \u0414\u043b\u044f \u0435\u0451 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u043d\u0443\u0436\u043d\u043e \u043f\u0440\u043e\u0441\u0442\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u0434\u043e \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\ud83e\udda0In AttacheCase(file encryption software) version 3.6.1.0 and earlier, it is possible to load the DLL insecurely (for example, a Trojan DLL), through an unreliable search path and get privileges to execute malicious code.\nThe vulnerability was patched up and thanks to the elimination of this, the previous one (AttacheCase3) is also fixed. To fix it, you just need to upgrade to the latest version.\n\n#cve", "creation_timestamp": "2022-03-31T22:26:04.000000Z"}, {"uuid": "ad3ea414-47af-412c-8662-fa035b971645", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28128", "type": "seen", "source": "https://t.me/cibsecurity/39900", "content": "\u203c CVE-2022-28128 \u203c\n\nUntrusted search path vulnerability in AttacheCase ver.3.6.1.0 and earlier allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-31T12:18:22.000000Z"}]}