8 matches found
Microsoft Windows MSHTML Platform Spoofing Vulnerability
Microsoft Windows MSHTML Platform contains a user interface UI misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112...
Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer
An advanced persistent threat APT group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. Cybersecurity firm Trend Micro, which observed the activity in mid-Ma...
CVE-2024-38112: Void Banshee Targets Windows Users Through Zombie Internet Explorer in Zero-Day Attacks
Our threat hunters discovered CVE-2024-38112, which was used as a zero-day by APT group Void Banshee, to access and execute files through the disabled Internet Explorer using MSHTML. We promptly identified and reported this zero-day vulnerability to Microsoft, and it has been patched...
Patch Tuesday - July 2024
Microsoft is addressing 139 vulnerabilities this July 2024 Patch Tuesday, which is on the high side in terms of typical CVE counts. They’ve also republished details for 4 CVEs issued by other vendors that affect Microsoft products. Microsoft has evidence of in-the-wild exploitation for 2 of the...
CVE-2024-38112
creationtimestamp| type| source ---|---|--- 2024-07-09 19:48:26+00:00| seen| https://t.me/cvedetector/390 2024-07-09 23:19:40+00:00| seen| https://t.me/ctinow/219966 2024-07-10 00:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2024-07-10 04:00:00+00:00| seen|...
CVE-2024-38112
Windows MSHTML Platform Spoofing Vulnerability...
CVE-2024-38112 Windows MSHTML Platform Spoofing Vulnerability
...
CVE-2024-38112
Windows MSHTML Platform Spoofing Vulnerability Recent assessments: remmons-r7 at July 19, 2024 2:51pm UTC reported: Trend Micro reported this vulnerability to Microsoft after observing Void Banshee APT exploitation in the wild; the zero-day attack hinged on the premise that MHTML links would...