{"uuid": "d3608609-8ac6-41ec-ae14-499ebd077f38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-24071", "type": "published-proof-of-concept", "source": "https://t.me/badbclubua/20", "content": "CVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File\n\nWhen a specially crafted .library-ms file containing an SMB path is compressed within a RAR/ZIP archive and subsequently extracted, Windows Explorer automatically parses the contents of this file due to its built-in indexing and preview mechanism. This behavior occurs because Windows Explorer processes certain file types automatically upon extraction to generate previews, thumbnails, or index metadata, even if the file is never explicitly opened or clicked by the user.\n\nBlog: https://cti.monster/blog/2025/03/18/CVE-2025-24071.html", "creation_timestamp": "2025-03-19T14:47:57.000000Z"}