CVE-2024-49082

Опубликовано: 10 дек. 2024

Источник: msrc

CVSS3: 6.8

EPSS Низкий

Описание

Windows File Explorer Information Disclosure Vulnerability

FAQ

According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?

An unauthorized attacker must wait for a user to initiate a connection.

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of the user's folders and personal data.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires multiple conditions to be met, such as specific application behavior, user actions, manipulation of parameters passed to a function, and impersonation of an integrity level token.

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Successful exploitation of this vulnerability requires the victim to perform a specific file management operation to trigger the vulnerability.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	5048710 5048744	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	5048710 5048744	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	5048710 5048744	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5048695 5048676	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5048695 5048676	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	5048710 5048744	Monthly Rollup Security Only
Windows Server 2012	5048699	Monthly Rollup
Windows Server 2012 (Server Core installation)	5048699	Monthly Rollup
Windows Server 2012 R2	5048735	Monthly Rollup
Windows Server 2012 R2 (Server Core installation)	5048735	Monthly Rollup

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 28%

0.00098

Низкий

6.8 Medium

CVSS3

Связанные уязвимости

CVE-2024-49082

CVSS3: 6.8

nvd

6 месяцев назад

Windows File Explorer Information Disclosure Vulnerability

GHSA-67jv-gxg5-rmq6

CVSS3: 6.8

github

6 месяцев назад

Windows File Explorer Information Disclosure Vulnerability

BDU:2024-11148

CVSS3: 6.8

fstec

6 месяцев назад

Уязвимость приложения управления файлами File Explorer (ранее Windows Explorer) операционных систем Microsoft Windows, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 28%

0.00098

Низкий

6.8 Medium

CVSS3