PT-2024-4626 · Microsoft · Windows+2
Haifei Li
·
Published
2024-07-09
·
Updated
2026-01-16
·
CVE-2024-38112
CVSS v2.0
7.6
High
| Vector | AV:N/AC:H/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Microsoft Windows (affected versions not specified)
Description:
The vulnerability is related to the MSHTML platform in Microsoft Windows and involves a spoofing issue that allows attackers to affect the system. It has been exploited by threat actors for over a year, with attacks using Internet Explorer shortcut files to lure victims into enabling remote code execution. The vulnerability has been used to distribute the Atlantida InfoStealer malware. Threat actors have been leveraging Internet Explorer in new zero-day spoofing attacks, and the vulnerability has been identified as a critical issue that needs to be patched immediately.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
UI Misrepresentation of Critical Information
Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Internet Explorer
Mshtml
Windows