Detections
Analytics

CVE-2024-38217

medium

Description

Windows Mark of the Web Security Feature Bypass Vulnerability

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217

https://www.bleepingcomputer.com/news/security/cisa-warns-of-windows-flaw-used-in-infostealer-malware-attacks/

https://www.bleepingcomputer.com/news/security/windows-vulnerability-abused-braille-spaces-in-zero-day-attacks/

https://www.databreachtoday.com/bashing-windows-bugs-take-2-microsoft-restores-nixed-fixes-a-26262

https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2024-patch-tuesday-fixes-4-zero-days-79-flaws/

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-smart-app-control-zero-day-exploited-since-2018/

https://www.tenable.com/blog/microsofts-september-2024-patch-tuesday-addresses-79-cves-cve-2024-43491

Details

Source: Mitre, NVD

Published: 2024-09-10

Updated: 2025-01-27

Named Vulnerability: LNK StompingKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Severity: Medium

EPSS

EPSS: 0.15952