CVE-2024-43574

Опубликовано: 08 окт. 2024

Источник: msrc

CVSS3: 8.3

EPSS Низкий

Описание

Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

FAQ

How could an attacker exploit this vulnerability?

An attacker could exploit a use after free vulnerability within the OS SAPI component to execute arbitrary code in the context of the compromised user to disclose sensitive information, compromise system integrity or impact the availability of the victim's system.

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?

This vulnerability could lead to a browser sandbox escape.

According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?

This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to win a race condition.

Обновления

Продукт	Статья	Обновление
Windows Server 2022	5044281	Security Update
Windows Server 2022 (Server Core installation)	5044281	Security Update
Windows 11 version 21H2 for x64-based Systems	5044280	Security Update
Windows 11 version 21H2 for ARM64-based Systems	5044280	Security Update
Windows 10 Version 21H2 for 32-bit Systems	5044273	Security Update
Windows 10 Version 21H2 for ARM64-based Systems	5044273	Security Update
Windows 10 Version 21H2 for x64-based Systems	5044273	Security Update
Windows 11 Version 22H2 for ARM64-based Systems	5044285	Security Update
Windows 11 Version 22H2 for x64-based Systems	5044285	Security Update
Windows 10 Version 22H2 for x64-based Systems	5044273	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 67%

0.00543

Низкий

8.3 High

CVSS3

Связанные уязвимости

CVE-2024-43574

CVSS3: 8.3

nvd

8 месяцев назад

Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

GHSA-mxp9-jv89-xf8h

CVSS3: 8.3

github

8 месяцев назад

Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability

BDU:2024-08014

CVSS3: 8.3

fstec

8 месяцев назад

Уязвимость реализации прикладного программного интерфейса (SAPI) операционных систем Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 67%

0.00543

Низкий

8.3 High

CVSS3