Microsoft .diagcab Directory Traversal / Code Execution

A flaw in the implementation of Microsoft's Troubleshooter technology could lead to remote code execution if a crafted .diagcab file is opened by the victim. The exploit leverages a rogue webdav server to trick MSDT to drop files to attacker controller locations on the file system.

MD5 | b8326808b53e39ccbf0e5710fae5f1af

Related Posts