Dropbox Desktop Mark-of-the-Web Bypass Vulnerability - 20240617002
Overview
This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
What is vulnerable?
Products Affected | CVE | CVSS | Severity |
---|---|---|---|
Dropbox Desktop Folder Sharing versions prior to 198.4.7615 | CVE-2024-5924 | 8.8 | High |
What has been observed?
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation
The WA SOC strongly advises Administrators to monitor for suspicious activity surrounding content downloaded from Dropbox while awaiting an official update from the vendor.
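
One way to support the monitoring recommended above is to audit the Dropbox sync folder for recently created high-risk file types that carry no Mark-of-the-Web. This is an added example, not from the WA SOC or Dropbox; the default folder path, the extension list and the 14-day window are assumptions to adjust for your environment.

```powershell
# Added example: list risky file types in a Dropbox sync folder that lack MotW.
# Assumption: default sync path; pass -Path if the folder lives elsewhere.
param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Dropbox'),
    [int]$Days = 14
)

# Constructed list of extensions commonly gated by MotW checks; tune to policy.
$risky = '.exe','.msi','.dll','.scr','.js','.vbs','.hta','.lnk','.bat','.cmd',
         '.ps1','.iso','.img','.docm','.xlsm','.pptm','.zip'

$cutoff = (Get-Date).AddDays(-$Days)

Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $risky -contains $_.Extension.ToLower() -and $_.CreationTime -ge $cutoff } |
    ForEach-Object {
        $zone = $null
        # Zone.Identifier is the NTFS alternate data stream that carries MotW.
        $ads = Get-Item -LiteralPath $_.FullName -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
        if ($ads) {
            $line = Get-Content -LiteralPath $_.FullName -Stream 'Zone.Identifier' |
                Where-Object { $_ -like 'ZoneId=*' } | Select-Object -First 1
            if ($line -match '^ZoneId=(\d+)') { $zone = [int]$Matches[1] }
        }
        # Report files with no stream, or a zone below Internet (3).
        if ($null -eq $zone -or $zone -lt 3) {
            [pscustomobject]@{
                File    = $_.FullName
                Created = $_.CreationTime
                ZoneId  = if ($null -eq $zone) { 'none' } else { $zone }
                SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
    }
```

Files a user created locally inside the folder will also appear, so treat the output as a triage list to correlate with process-execution and EDR telemetry rather than as a verdict.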