- Description
- Windows Themes Spoofing Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
- secure@microsoft.com
- CWE-200
- nvd@nist.gov
- NVD-CWE-noinfo
- Hype score
- Not currently trending
Actively exploited CVE : CVE-2024-21320
@transilienceai
6 Nov 2024
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
ماکروسافت برای آسیب پذیری با کد شناسایی CVE-2024-21320 پچ لازم را منتشر نمود اما بعد از مدتی مشخص شد که این پچ نیز قابل دور زدن می باشد . برای همین پچ نیز که به نوعی آسیب پذیر بود کد شناسایی جدید CVE-2024-38030 را منتشر نمود و پچ جدید را ارائه کرد. https://t.co/Y2P1U3epiq https:/
@AmirHossein_sec
5 Nov 2024
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Windows Themes Zero-Day Alert 🚨 🛠️ Unofficial patch out for a new Windows Themes bug that leaks NTLM credentials just by viewing malicious theme files ⚠️ Mitigate Now: Use 0patch or follow Microsoft’s NTLM blocking guidance (CVE-2024-21320) until an official fix is release
@shaharia_munna
31 Oct 2024
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Windowsテーマにおけるゼロデイ脆弱性に対する非公式パッチを0patch社が提供。該当脆弱性はCVE未採番で、CVE-2024-21320を迂回可能なCVE-2024-38030のマイクロパッチを開発中だったACROS Security社が発見したもの。NTLM資格情報が窃取される可能性。 https://t.co/bLDX6xMvLU
@__kokumoto
30 Oct 2024
924 Impressions
9 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F40B0037-2EF9-4172-BD2B-C5D046426DC9", "versionEndExcluding": "10.0.10240.20402" }, { "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1642CC8D-1521-46D9-AE2A-7CD9BCE30565", "versionEndExcluding": "10.0.14393.6614" }, { "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB2C6F0A-4519-43AE-A36D-39F968FF3DCD", "versionEndExcluding": "10.0.17763.5329" }, { "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26D9519C-EC1F-48D1-89F5-2DCBF84C8251", "versionEndExcluding": "10.0.19044.3930" }, { "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9B6C6A0-6A10-4A8B-9DF2-D00CE5F863BD", "versionEndExcluding": "10.0.19045.3930" }, { "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "290AE500-245E-4C97-953C-05D679164894", "versionEndExcluding": "10.0.22000.2713" }, { "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8145E3A1-AA48-49CD-A391-8BA9F3860316", "versionEndExcluding": "10.0.22621.3007" }, { "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04D7A1EA-2E86-4600-A7B8-DAA5ACABE8D0", "versionEndExcluding": "10.0.22631.3007" }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8F92AA0-D568-4DD8-B50E-29F3561F81AB", "versionEndExcluding": "10.0.14393.6614" }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51DCD313-6848-46DD-B4C6-DA2A8F6291CD", "versionEndExcluding": "10.0.17763.5329" }, { "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13224366-AD63-4CAD-85D1-F9599CFE1B14", "versionEndExcluding": "10.0.20348.2227" } ], "operator": "OR" } ] } ]