PT-2024-16675 · Velocidex · Velocidex Winpmem

Published 2024-12-16 · Updated 2025-09-05 · CVE-2024-10972

CVSS v3.1: 7.3 (High)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions

Velocidex WinPmem versions 4.1 and below

Description

The issue is caused by improper input validation. An attacker with admin access can trigger a BSOD by changing the access rights of memory under the control of the user-mode application. This is possible because verification is performed only at the beginning of the routine, so userspace can change page permissions partway through the routine. A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations.

Recommendations

For Velocidex WinPmem versions 4.1 and below, upgrade to the latest release. As a temporary workaround, consider implementing a rule to detect unauthorized loading of winpmem outside incident response operations.
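
One way to implement the detection rule recommended above, as an added example (not from this advisory or from Velocidex): a Python filter that flags winpmem driver loads falling outside approved incident-response windows. The event field names, host names, file paths and the IR-window list are constructed assumptions, loosely modelled on a driver-load log record.

```python
import re
from datetime import datetime, timezone
from pathlib import PureWindowsPath

# Assumption: the driver file name contains "winpmem". A renamed driver evades
# this; matching on file hash or signer would be stronger where available.
WINPMEM_NAME = re.compile(r"winpmem", re.IGNORECASE)

def _ts(s):
    """Parse 'YYYY-MM-DD HH:MM:SS' as a UTC timestamp."""
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)

def in_ir_window(host, when, ir_windows):
    """True if an approved incident-response window covers this host and time."""
    return any(
        w["host"].lower() == host.lower() and _ts(w["start"]) <= when <= _ts(w["end"])
        for w in ir_windows
    )

def find_unauthorized_loads(events, ir_windows):
    """Return winpmem driver-load events that fall outside approved IR windows."""
    alerts = []
    for ev in events:
        name = PureWindowsPath(ev["ImageLoaded"]).name
        if not WINPMEM_NAME.search(name):
            continue  # unrelated driver
        if not in_ir_window(ev["Computer"], _ts(ev["UtcTime"]), ir_windows):
            alerts.append(ev)
    return alerts

# Constructed sample data (not real telemetry).
IR_WINDOWS = [
    {"host": "WS-042", "start": "2025-01-10 09:00:00", "end": "2025-01-10 17:00:00"},
]
EVENTS = [
    {"Computer": "WS-042", "UtcTime": "2025-01-10 10:15:00",
     "ImageLoaded": r"C:\IR\tools\winpmem_x64.sys"},           # inside approved window
    {"Computer": "WS-042", "UtcTime": "2025-01-11 02:30:00",
     "ImageLoaded": r"C:\Users\Public\WinPmem.sys"},           # outside the window
    {"Computer": "SRV-007", "UtcTime": "2025-01-10 10:20:00",
     "ImageLoaded": r"C:\Windows\Temp\winpmem.sys"},           # host has no window
    {"Computer": "SRV-007", "UtcTime": "2025-01-10 10:21:00",
     "ImageLoaded": r"C:\Windows\System32\drivers\disk.sys"},  # unrelated driver
]

if __name__ == "__main__":
    for a in find_unauthorized_loads(EVENTS, IR_WINDOWS):
        print(f"ALERT {a['Computer']} {a['UtcTime']} {a['ImageLoaded']}")
```

In practice the IR-window list would come from the incident-response ticketing or change-approval record, so that a load is only considered authorized when a case is open for that host.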

Fix

RCE

Time Of Check To Time Of Use


Weakness Enumeration

Related Identifiers

CVE-2024-10972

Affected Products

Velocidex Winpmem