漏洞描述
Microsoft Windows是美国微软(Microsoft)公司发布的一系列操作系统。Object Packager是用来创建可插入到文件中的软件包的工具。 Microsoft Windows Object Packager的注册和使用方式中存在远程代码执行漏洞。攻击者可利用该漏洞诱使用户打开包含远程WebDAV或SMB共享上内嵌打包对象的.pub文件,加载可执行文件packager.exe。成功利用此漏洞的攻击者可完全控制受影响系统。
Microsoft Windows Object Packager远程代码执行漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2024-33939: Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference
- POC sharepoint-lists-api-disclosure: Microsoft SharePoint - List API Disclosure
- 华天动力协同办公系统 /OAapp/WebObjects/OAapp.woa/ws/WSTraceCreate XML 外部实体注入漏洞
- POC CVE-2025-13315: Twonky Server 8.5.2 on Linux and Windows - Log File Exposure
- POC sharepoint-layouts-disclosure: Microsoft SharePoint - Layouts Disclosure
- POC sharepoint-masterpage-disclosure: Microsoft SharePoint - Master Page Disclosure
- POC sharepoint-site-metadata-disclosure: Microsoft SharePoint - Site Metadata Disclosure
- POC sharepoint-sitepages-disclosure: Microsoft SharePoint - Site Pages Disclosure
- POC CVE-2025-49706: Microsoft SharePoint Server - Authentication Bypass
- Windows PolicyConfiguration 计划任务特权提升漏洞(CVE-2025-60710)
- Windows 11 PolicyConfiguration 计划任务特权提升漏洞(CVE-2025-60710)
- Windows 11 RAiLaunchAdminProcess 管理员保护特权提升漏洞
- (CVE-2025-62522)Vite开发服务器Windows环境下文件泄露漏洞