1. Home
  2. Vulnerabilities
  3. CVE-2024-38112

CVE-2024-38112

CVSS v3.1 7.5 (High)
75% Progress
EPSS 73.66 % (98th)
73.66% Progress
Affected Products 14
Advisories 1
NVD Status Analyzed
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Windows MSHTML Platform Spoofing Vulnerability

Weaknesses
CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE-NVD-Other
CVE Status
PUBLISHED
NVD Status
Analyzed
CNA
Microsoft Corporation
Published Date
2024-07-09 17:15:47
(2 months ago)
Updated Date
2024-08-14 16:56:54
(3 weeks ago)
Microsoft Windows MSHTML Platform Spoofing Vulnerability (CISA - Known Exploited Vulnerabilities Catalog)
Description
Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known to be Used in Ransomware Campaigns
Unknown
Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112
Vendor
Microsoft
Product
Windows
In CISA Catalog from
2024-07-09
(2 months ago)
Due Date
2024-07-30
(5 weeks ago)

Affected Products

Microsoft

Configuration #1

    CPE23 From Up To
  Microsoft Windows 10 1507 prior 10.0.10240.20710 version cpe:2.3:o:microsoft:windows_10_1507 < 10.0.10240.20710
  Microsoft Windows 10 1607 prior 10.0.14393.7159 version cpe:2.3:o:microsoft:windows_10_1607 < 10.0.14393.7159
  Microsoft Windows 10 1809 prior 10.0.17763.6054 version cpe:2.3:o:microsoft:windows_10_1809 < 10.0.17763.6054
  Microsoft Windows 10 21h2 prior 10.0.19044.4651 version cpe:2.3:o:microsoft:windows_10_21h2 < 10.0.19044.4651
  Microsoft Windows 10 22h2 prior 10.0.19045.4651 version cpe:2.3:o:microsoft:windows_10_22h2 < 10.0.19045.4651
  Microsoft Windows 11 21h2 prior 10.0.22000.3079 version cpe:2.3:o:microsoft:windows_11_21h2 < 10.0.22000.3079
  Microsoft Windows 11 22h2 prior 10.0.22621.3880 version cpe:2.3:o:microsoft:windows_11_22h2 < 10.0.22621.3880
  Microsoft Windows 11 23h2 prior 10.0.22631.3880 version cpe:2.3:o:microsoft:windows_11_23h2 < 10.0.22631.3880
  Microsoft Windows Server 2008 SP2 cpe:2.3:o:microsoft:windows_server_2008:-:sp2
  Microsoft Windows Server 2012 R2 cpe:2.3:o:microsoft:windows_server_2012:r2
  Microsoft Windows Server 2016 prior 10.0.14393.7159 version cpe:2.3:o:microsoft:windows_server_2016 < 10.0.14393.7159
  Microsoft Windows Server 2019 prior 10.0.17763.6054 version cpe:2.3:o:microsoft:windows_server_2019 < 10.0.17763.6054
  Microsoft Windows Server 2022 prior 10.0.20348.2582 version cpe:2.3:o:microsoft:windows_server_2022 < 10.0.20348.2582
  Microsoft Windows Server 2022 23h2 prior 10.0.25398.1009 version cpe:2.3:o:microsoft:windows_server_2022_23h2 < 10.0.25398.1009