CVE-2024-38213: Copy2Pwn Explo... Note

CVE-2024-38213: Copy2Pwn Exploit Evades Windows Web Protections

The Zero Day Initiative threat researchers discovered a vulnerability, CVE-2024-38213, which allows bypassing Windows mark-of-the-web protections, leading to remote code execution. This vulnerability was found during an investigation into the DarkGate operators' activities. WebDAV shares are increasingly used by threat actors to host malicious payloads. Files accessed through WebDAV shares via Windows Explorer do not receive the Mark-of-the-Web designation, making them dangerous as they can be opened without Windows Defender SmartScreen or Microsoft Office Protected View protections. The ZDI Threat Hunting Team constantly monitors for new threats and integrates threat research with proactive vulnerability research to protect customers from potential attacks.