7.5 CVE-2024-38178

CISA Kev Catalog Patch
 

Scripting Engine Memory Corruption Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2024-38178

Categories

CWE-NVD-noinfo

CWE-843 : Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type. Type confusion in CSS sequence leads to out-of-bounds read. Size inconsistency allows code execution, first discovered when it was actively exploited in-the-wild. Improperly-parsed file containing records of different types leads to code execution when a memory location is interpreted as a different object than intended.

References

secure@microsoft.com Patch


 

CPE

cpe start end
Configuration 1
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:* < 10.0.10240.20751
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:* < 10.0.14393.7259
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:* < 10.0.17763.6189
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* < 10.0.19044.4780
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* < 10.0.19045.4780
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:* < 10.0.22000.3147
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* < 10.0.22621.4037
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:* < 10.0.22631.4037
cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* < 10.0.26100.1457
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* < 10.0.14393.7259
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* < 10.0.17763.6189
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* < 10.0.20348.2655
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* < 10.0.25398.1085


REMEDIATION


Patch

Url
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178


EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry