Lucene search

K
cve[email protected]CVE-2023-28291
HistoryApr 11, 2023 - 9:15 p.m.

CVE-2023-28291

2023-04-1121:15:27
CWE-20
web.nvd.nist.gov
126
2
cve-2023-28291
raw image
extension
remote code execution
vulnerability
nvd

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.8%

Raw Image Extension Remote Code Execution Vulnerability

Affected configurations

Vulners
NVD
Node
microsoftraw_image_extensionRange2.1.0.0ā€“2.1.60611.0
OR
microsoftraw_image_extensionRange2.1.0.0ā€“2.0.60612.0
VendorProductVersionCPE
microsoftraw_image_extension*cpe:2.3:a:microsoft:raw_image_extension:*:*:*:*:*:*:*:*
microsoftraw_image_extension*cpe:2.3:a:microsoft:raw_image_extension:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "Microsoft",
    "product": "Raw Image Extension",
    "cpes": [
      "cpe:2.3:a:microsoft:raw_image_extension:-:*:*:*:*:*:*:*"
    ],
    "platforms": [
      "Windows 10 Version 20H2 for 32-bit Systems",
      "Windows 10 Version 20H2 for ARM64-based Systems",
      "Windows 11 version 21H2 for x64-based Systems",
      "Windows 11 version 21H2 for ARM64-based Systems",
      "Windows 10 Version 21H2 for 32-bit Systems",
      "Windows 10 Version 21H2 for ARM64-based Systems",
      "Windows 10 Version 21H2 for x64-based Systems",
      "Windows 11 Version 22H2 for ARM64-based Systems",
      "Windows 11 Version 22H2 for x64-based Systems",
      "Windows 10 for 32-bit Systems",
      "Windows 10 for x64-based Systems"
    ],
    "versions": [
      {
        "version": "2.1.0.0",
        "lessThan": "2.1.60611.0",
        "versionType": "custom",
        "status": "affected"
      },
      {
        "version": "2.1.0.0",
        "lessThan": "2.0.60612.0",
        "versionType": "custom",
        "status": "affected"
      }
    ]
  }
]

Social References

More

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

8.8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.8%