CVE-2024-40673

Name of the Vulnerable Software and Affected Versions Java (affected versions not specified)

Description The issue allows an attacker to execute arbitrary code by manipulating Dynamic Code Loading due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. The vulnerability is related to the ZipFile.java source and the ZFILE Open function, which accepts malformed ZIP files without proper checks, leading to incorrect memory accesses.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.