Main Vulnerability Database SB2024061875

SB2024061875 - Remote code execution in Dropbox Desktop

Published: June 18, 2024

Security Bulletin ID SB2024061875

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Security features bypass (CVE-ID: CVE-2024-5924)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected application does not apply the Mark-of-the-Web to the local files when syncing files from a shared folder belonging to an untrusted account. A remote attacker can bypass the Mark-of-the-Web protection mechanism and execute arbitrary code on the system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-677/