CVE-2024-38112

HIGH CISA KEV EPSS 99.7%

Published Jul 9, 20241y ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published Jul 9, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

KEV Listed Jul 9, 2024 1y ago

KEV Due Jul 30, 2024 700d overdue

Description

Windows MSHTML Platform Spoofing Vulnerability

Base Score

7.5

Exploitability

1.6

Impact

5.9

Vector string

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability High

CISA Known Exploited Overdue 700d

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability

99.7% percentile

Exploit & Patch Status

Actively Exploited (KEV)

Patch Available

CWE-451

Vendor	Product	Version	Range
microsoft	windows_10_1507	*	<10.0.10240.20710
microsoft	windows_10_1607	*	<10.0.14393.7159
microsoft	windows_10_1607	*	<10.0.14393.7159
microsoft	windows_10_1809	*	<10.0.17763.6054
microsoft	windows_10_1809	*	<10.0.17763.6054
microsoft	windows_10_21h2	*	<10.0.19044.4651
microsoft	windows_10_22h2	*	<10.0.19045.4651
microsoft	windows_11_21h2	*	<10.0.22000.3079
microsoft	windows_11_22h2	*	<10.0.22621.3880
microsoft	windows_11_23h2	*	<10.0.22631.3880
microsoft	windows_server_2008	*	any
microsoft	windows_server_2012	r2	any
microsoft	windows_server_2016	*	<10.0.14393.7159
microsoft	windows_server_2019	*	<10.0.17763.6054
microsoft	windows_server_2022	*	<10.0.20348.2582
microsoft	windows_server_2022_23h2	*	<10.0.25398.1009

msrc.microsoft.com https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112

PatchVendor Advisory
cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38112

US Government Resource

msrc.microsoft.com https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112

PatchVendor Advisory