CVE-2022-26926

Опубликовано: 10 мая 2022

Источник: msrc

CVSS3: 7.8

EPSS Низкий

Описание

Windows Address Book Remote Code Execution Vulnerability

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Exploitation of the vulnerability requires that a user import a specially crafted contact record into the Windows Address Book.

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	5014010 5014006	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	5014010 5014006	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	5014010 5014006	Monthly Rollup Security Only
Windows 7 for 32-bit Systems Service Pack 1	5014012 5013999	Monthly Rollup Security Only
Windows 7 for x64-based Systems Service Pack 1	5014012 5013999	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5014012 5013999	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5014012 5013999	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	5014010 5014006	Monthly Rollup Security Only
Windows Server 2012	5014017 5014018	Monthly Rollup Security Only
Windows Server 2012 (Server Core installation)	5014017 5014018	Monthly Rollup Security Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 75%

0.00927

Низкий

7.8 High

CVSS3

Связанные уязвимости

CVE-2022-26926

CVSS3: 7.8

nvd

около 3 лет назад

Windows Address Book Remote Code Execution Vulnerability

GHSA-v5qg-36wv-7qpm

CVSS3: 7.8

github

около 3 лет назад

Windows Address Book Remote Code Execution Vulnerability.

BDU:2022-02865

CVSS3: 8.4

fstec

около 3 лет назад

Уязвимость адресной книги Windows Address Book операционных систем Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 75%

0.00927

Низкий

7.8 High

CVSS3