Related to the incomplete patch for CVE-2022-39197, see [[Cobalt Strike RCE (CVE-2022-39197)]].
## Tweets
- https://twitter.com/gregdarwin/status/1582029022359261185
<blockquote class="twitter-tweet"><p lang="en" dir="ltr">Cobalt Strike 4.7.2 is live. This is a patch release to fix a remote code execution vulnerability. Full details on the blog: <a href="https://t.co/rTgK6NHYWC">https://t.co/rTgK6NHYWC</a><br>If you may want to revert back to 4.7.1 at some point, make a backup of your CS folder before updating.</p>— Greg Darwin (@gregdarwin) <a href="https://twitter.com/gregdarwin/status/1582029022359261185?ref_src=twsrc%5Etfw">October 17, 2022</a></blockquote>
- https://twitter.com/0x09AL/status/1582412889784127491
<blockquote class="twitter-tweet"><p lang="en" dir="ltr">Full analysis of the Cobalt Strike RCE that me and <a href="https://twitter.com/FuzzySec?ref_src=twsrc%5Etfw">@FuzzySec</a> wrote up is now up.<a href="https://t.co/882Xpd3i8x">https://t.co/882Xpd3i8x</a></p>— Rio (@0x09AL) <a href="https://twitter.com/0x09AL/status/1582412889784127491?ref_src=twsrc%5Etfw">October 18, 2022</a></blockquote>
- https://twitter.com/FuzzySec/status/1582415392420466700
<blockquote class="twitter-tweet"><p lang="en" dir="ltr">Btw we did request a CVE for the RCE in Cobalt Strike v4.7.1 so don't worry CVE-2022-42948🤫. Tell me though, how many people been exploiting this for CI and for how long? <a href="https://t.co/pXNljPRQk7">https://t.co/pXNljPRQk7</a></p>— b33f | 🇺🇦 (@FuzzySec) <a href="https://twitter.com/FuzzySec/status/1582415392420466700?ref_src=twsrc%5Etfw">October 18, 2022</a></blockquote>
## Links
- https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2/
- https://securityintelligence.com/posts/analysis-rce-vulnerability-cobalt-strike/
- https://www.agarri.fr/blog/archives/2012/05/11/svg_files_and_java_code_execution/index.html