https://detection.fyi/tags/cve.2026-33829/ Recent content in cve.2026-33829 on Detection.FYI Hugo -- gohugo.io Mon, 27 Apr 2026 22:58:55 +0000 https://detection.fyi/sigmahq/sigma/emerging-threats/2026/exploits/cve-2026-33829/proc_creation_win_exploit_cve_2026_33829/ Mon, 27 Apr 2026 22:58:55 +0000 https://detection.fyi/sigmahq/sigma/emerging-threats/2026/exploits/cve-2026-33829/proc_creation_win_exploit_cve_2026_33829/ Detects potential exploitation of CVE-2026-33829, a vulnerability in the Windows Snipping Tool URI handler (ms-screensketch:). An attacker can abuse the 'filePath' parameter to supply a UNC path or HTTP URL, causing SnippingTool.exe to initiate a connection to a remote resource. When a UNC path is used (e.g. \\attacker.com\share), this triggers an outbound NTLM authentication attempt, allowing the attacker to capture or relay the victim's Net-NTLMv2 hash. HTTP-based paths may result in remote file loading or server-side request forgery (SSRF)-style access. The URI can be delivered via a malicious hyperlink, phishing email, or web page.