Lucene search

Fluid AttacksCVELIST:CVE-2024-23439

HistoryFeb 13, 2024 - 2:58 p.m.

CVE-2024-23439 Vba32 Antivirus v3.36.0 - Arbitrary Memory Read

2024-02-1314:58:08

CWE-125

Fluid Attacks

www.cve.org

vulnerability

vba32 antivirus v3.36.0

arbitrary memory read

ioctl codes

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027 ,0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "Windows"
    ],
    "product": "Vba32 Antivirus",
    "vendor": "VirusBlokAda",
    "versions": [
      {
        "status": "affected",
        "version": "3.36.0"
      }
    ]
  }
]

References

fluidattacks.com/advisories/adderley/

www.anti-virus.by/vba32

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-23439