CVE-2024-38030

Published Jul 9, 2024

Last updated 4 months ago

Overview

Description
Windows Themes Spoofing Vulnerability
Source
secure@microsoft.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo
secure@microsoft.com
CWE-200

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Actively exploited CVE : CVE-2024-38030

    @transilienceai

    14 Nov 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Actively exploited CVE : CVE-2024-38030

    @transilienceai

    12 Nov 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Actively exploited CVE : CVE-2024-38030

    @transilienceai

    10 Nov 2024

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2024-38030

    @transilienceai

    8 Nov 2024

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. ماکروسافت برای آسیب پذیری با کد شناسایی CVE-2024-21320 پچ لازم را منتشر نمود اما بعد از مدتی مشخص شد که این پچ نیز قابل دور زدن می باشد . برای همین پچ نیز که به نوعی آسیب پذیر بود کد شناسایی جدید CVE-2024-38030 را منتشر نمود و پچ جدید را ارائه کرد. https://t.co/Y2P1U3epiq https:/

    @AmirHossein_sec

    5 Nov 2024

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. #exploit 1. CVE-2024-38030: Windows Themes Files Spoofing https://t.co/Nw0kAkD9aA 2. CVE-2024-9533: D-Link DIR-605L buffer overflow https://t.co/EoxBJzuS48

    @ksg93rd

    31 Oct 2024

    48 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  7. Windowsテーマにおけるゼロデイ脆弱性に対する非公式パッチを0patch社が提供。該当脆弱性はCVE未採番で、CVE-2024-21320を迂回可能なCVE-2024-38030のマイクロパッチを開発中だったACROS Security社が発見したもの。NTLM資格情報が窃取される可能性。 https://t.co/bLDX6xMvLU

    @__kokumoto

    30 Oct 2024

    924 Impressions

    9 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. We Patched CVE-2024-38030, Found Another Windows Themes Spoofing Vulnerability (0day) https://t.co/yCAUdaJO7F https://t.co/B03mOtVdSI

    @0patch

    29 Oct 2024

    1255 Impressions

    5 Retweets

    10 Likes

    2 Bookmarks

    1 Reply

    0 Quotes

Configurations