Lucene search

K
cvelistFluid AttacksCVELIST:CVE-2024-23439
HistoryFeb 13, 2024 - 2:58 p.m.

CVE-2024-23439 Vba32 Antivirus v3.36.0 - Arbitrary Memory Read

2024-02-1314:58:08
CWE-125
Fluid Attacks
www.cve.org
vulnerability
vba32 antivirus v3.36.0
arbitrary memory read
ioctl codes

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

0.0004 Low

EPSS

Percentile

9.0%

Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027 ,0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "Windows"
    ],
    "product": "Vba32 Antivirus",
    "vendor": "VirusBlokAda",
    "versions": [
      {
        "status": "affected",
        "version": "3.36.0"
      }
    ]
  }
]

6.3 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2024-23439