| CVE | 2024-38178 |
| Severity | High |
| Software Affected | Win 11 – 24H2, 21H2, 22H2, 22H3, 23H2 Win 10 – 1809, 21H2, 22H2, 1507,1607 Win 2019, 2022, 2016, 2012 R2 Win 2019 (Server Core) Win 2022 23H2 Edition Win 2016 (Server Core) Win 2012 R2 (Server Core) |
Overview
A memory corruption vulnerability has been reported in Microsoft Windows Scripting Engine which could be exploited by a remote attacker to execute arbitrary code on the targeted system.
Description
A memory corruption vulnerability in the Windows Scripting Engine enables remote code execution attacks if an authenticated user is deceived into clicking a link, which allows an unauthenticated attacker to execute code remotely. To successfully exploit this vulnerability, an attacker must first configure the target to use Edge in Internet Explorer Mode.
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system.
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178
Leave a Reply