Lucene search
MicrosoftCVE-2024-38112HistoryJul 09, 2024 - 5:15 p.m.
CVE-2024-38112
2024-07-0917:15:47
CWE-451
microsoft
web.nvd.nist.gov
132
In Wild
61
windows
mshtml
spoofing
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.647
Percentile
98.0%
Windows MSHTML Platform Spoofing Vulnerability
Affected configurations
Node
microsoftwindows_10_1507Range<10.0.10240.20710
ORmicrosoftwindows_10_1607Range<10.0.14393.7159
ORmicrosoftwindows_10_1809Range<10.0.17763.6054
ORmicrosoftwindows_10_21h2Range<10.0.19044.4651
ORmicrosoftwindows_10_22h2Range<10.0.19045.4651
ORmicrosoftwindows_11_21h2Range<10.0.22000.3079
ORmicrosoftwindows_11_22h2Range<10.0.22621.3880
ORmicrosoftwindows_11_23h2Range<10.0.22631.3880
ORmicrosoftwindows_server_2008Match-sp2
ORmicrosoftwindows_server_2012Matchr2
ORmicrosoftwindows_server_2016Range<10.0.14393.7159
ORmicrosoftwindows_server_2019Range<10.0.17763.6054
ORmicrosoftwindows_server_2022Range<10.0.20348.2582
ORmicrosoftwindows_server_2022_23h2Range<10.0.25398.1009
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | windows_server_2012 | r2 | cpe:/o:microsoft:windows_server_2012:r2::: |
| microsoft | windows_server_2008 | - | cpe:/o:microsoft:windows_server_2008:-:sp2:: |
CNA Affected
[
{
"vendor": "Microsoft",
"product": "Windows 10 Version 22H2",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.4651:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.4651:*:*:*:*:*:arm64:*",
"cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.4651:*:*:*:*:*:x86:*"
],
"platforms": [
"x64-based Systems",
"ARM64-based Systems",
"32-bit Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.19045.4651",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 11 Version 23H2",
"cpes": [
"cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3880:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.22631.3880",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1507",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20710:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20710:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.10240.20710",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 11 version 22H2",
"cpes": [
"cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3880:*:*:*:*:*:arm64:*",
"cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3880:*:*:*:*:*:x64:*"
],
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.22621.3880",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1607",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7159:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7159:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.14393.7159",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2016",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7159:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.14393.7159",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 21H2",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.4651:*:*:*:*:*:x86:*",
"cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.4651:*:*:*:*:*:arm64:*",
"cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.4651:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"ARM64-based Systems",
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.19044.4651",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2016 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7159:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.14393.7159",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 10 Version 1809",
"cpes": [
"cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6054:*:*:*:*:*:arm64:*",
"cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6054:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6054:*:*:*:*:*:x86:*"
],
"platforms": [
"ARM64-based Systems",
"x64-based Systems",
"32-bit Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.17763.6054",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2008 Service Pack 2",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.22769:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems"
],
"versions": [
{
"version": "6.0.0",
"lessThan": "6.0.6003.22769",
"versionType": "custom",
"status": "affected"
},
{
"version": "6.0.0",
"lessThan": "1.001",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.22769:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.22769:*:*:*:*:*:x86:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"versions": [
{
"version": "6.0.0",
"lessThan": "6.0.6003.22769",
"versionType": "custom",
"status": "affected"
},
{
"version": "6.0.0",
"lessThan": "1.001",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2008 Service Pack 2",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.22769:*:*:*:*:*:x86:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.0.0",
"lessThan": "6.0.6003.22769",
"versionType": "custom",
"status": "affected"
},
{
"version": "6.0.0",
"lessThan": "1.001",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2012 R2",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.22074:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.3.0",
"lessThan": "6.3.9600.22074",
"versionType": "custom",
"status": "affected"
},
{
"version": "6.3.0",
"lessThan": "1.001",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 11 version 22H3",
"cpes": [
"cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3880:*:*:*:*:*:arm64:*"
],
"platforms": [
"ARM64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.22631.3880",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2012 R2 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.22074:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "6.3.0",
"lessThan": "6.3.9600.22074",
"versionType": "custom",
"status": "affected"
},
{
"version": "6.3.0",
"lessThan": "1.001",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2022",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2582:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.20348.2582",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_23h2:10.0.25398.1009:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.25398.1009",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2019 (Server Core installation)",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6054:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.17763.6054",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows 11 version 21H2",
"cpes": [
"cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.3079:*:*:*:*:*:arm64:*",
"cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.3079:*:*:*:*:*:x64:*"
],
"platforms": [
"ARM64-based Systems",
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.22000.3079",
"versionType": "custom",
"status": "affected"
}
]
},
{
"vendor": "Microsoft",
"product": "Windows Server 2019",
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6054:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"versions": [
{
"version": "10.0.0",
"lessThan": "10.0.17763.6054",
"versionType": "custom",
"status": "affected"
}
]
}
]Social References
More
Related
talosblog
talosblog
It's best to just assume you’ve been involved in a data breach somehow
2024-07-18 18:00:24
trendmicroblog
trendmicroblog
nvd
nvd
CVE-2024-38112
2024-07-09 17:15:47
cisa_kev
cisa_kev
Microsoft Windows MSHTML Platform Spoofing Vulnerability
2024-07-09 00:00:00
vulnrichment
vulnrichment
CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability
2024-07-09 17:02:38
attackerkb
attackerkb
CVE-2024-38112
2024-07-09 00:00:00
cvelist
cvelist
CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability
2024-07-09 17:02:38
mskb
mskb
KB5040426: Cumulative security update for Internet Explorer: July 9, 2024
2024-07-09 07:00:00
July 9, 2024—KB5040499 (Monthly Rollup)
2024-08-13 07:00:00
July 9, 2024—KB5040490 (Security-only update)
2024-08-13 07:00:00
mscve
mscve
Windows MSHTML Platform Spoofing Vulnerability
2024-07-09 07:00:00
Windows MSHTML Platform Spoofing Vulnerability
2024-09-10 07:00:00
thn
thn
krebs
krebs
Microsoft Patch Tuesday, July 2024 Edition
2024-07-09 19:50:33
qualysblog
qualysblog
2024 Midyear Threat Landscape Review
2024-08-06 13:00:00
Microsoft and Adobe Patch Tuesday, July 2024 Security Update Review
2024-07-09 19:09:34
nessus
nessus
KB5040490: Windows Server 2008 Security Update (July 2024)
2024-07-09 00:00:00
KB5040448: Windows 10 LTS 1507 Security Update (July 2024)
2024-07-09 00:00:00
KB5040427: Windows 10 Version 22H2 Security Update (July 2024)
2024-07-09 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5040448)
2024-07-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5040427)
2024-07-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5040442)
2024-07-10 00:00:00
kaspersky
kaspersky
KLA70412 Multiple vulnerabilities in Microsoft Products (ESU)
2024-07-09 00:00:00
KLA70416 Multiple vulnerabilities in Microsoft Windows
2024-07-09 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - July 2024
2024-07-09 20:03:58
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.647
Percentile
98.0%
Related for CVE-2024-38112