2 matches found
CVE-2021-43890
CVE-2021-43890 is a Windows AppX Installer spoofing vulnerability. An attacker could craft a malicious package to be opened by a user, leveraging the ms-appinstaller URI handler to spoof trusted UI and execute code at the user’s level after social engineering (phishing). Attacks have been associa...
CVE-2024-38177
CVE-2024-38177: Windows App Installer Spoofing vulnerability. Multiple sources (PT-2024-6017; OpenVAS entry) indicate the flaw stems from lack of proper output encoding/escaping in Windows App Installer, enabling spoofing via specially crafted packages. The available connected documents do not sp...