Skip to main content

Windows 11 21H2 CVE-2023-24902

HIGH
Out-of-bounds Read (CWE-125)
2023-05-09 secure@microsoft.com
7.8
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 09, 2023 - 18:15 cve.org
HIGH 7.8

DescriptionCVE.org

Win32k Elevation of Privilege Vulnerability

AnalysisAI

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Affected products include: Microsoft Windows 11 21H2, Microsoft Windows 11 22H2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2023-38545 CRITICAL POC
9.8 Oct 18

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. Rated critical severity (CVSS 9.8), thi

CVE-2023-38146 HIGH POC
8.8 Sep 12

Windows Themes Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely explo

CVE-2021-34527 HIGH POC
8.8 Jul 02

<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged fi

CVE-2024-35250 HIGH POC
7.8 Jun 11

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is l

CVE-2024-30085 HIGH POC
7.8 Jun 11

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulner

CVE-2024-30038 HIGH POC
7.8 May 14

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity

CVE-2023-36874 HIGH POC
7.8 Jul 11

Windows Error Reporting Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability

CVE-2023-28252 HIGH POC
7.8 Apr 11

Windows Common Log File System Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnera

CVE-2021-40449 HIGH POC
7.8 Oct 13

Win32k Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity

CVE-2022-26904 HIGH POC
7.0 Apr 15

Windows User Profile Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

CVE-2023-21554 CRITICAL POC
9.8 Apr 11

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2024-29988 HIGH POC
8.8 Apr 09

SmartScreen Prompt Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely

Share

CVE-2023-24902 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy