Lucene search

Kaspersky LabKLA63964

HistoryJan 09, 2024 - 12:00 a.m.

KLA63964 ACE vulnerability in Microsoft Apps

2024-01-0900:00:00

Kaspersky Lab

threats.kaspersky.com

ace

microsoft 3d viewer

remote code execution

high severity

vulnerability

windows update

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.3%

JSON

A remote code execution vulnerability was found in Microsoft 3D Viewer. Malicious users can exploit this vulnerability to execute arbitrary code.

Original advisories

CVE-2024-20677

Related products

3D-Viewer

CVE list

CVE-2024-20677 critical

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

3D Viewer

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20677

statistics.securelist.com/

threats.kaspersky.com/en/product/3D-Viewer/

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.3%

JSON

Related for KLA63964