PT-2024-7809 · Microsoft · Windows+3

Garrett Moore

Published

2024-10-08

Updated

2024-10-16

CVE-2024-43584

CVSS v3.1

8.4

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Windows Scripting Engine (affected versions not specified)

Description A security feature bypass issue exists in the Windows Scripting Engine, allowing attackers to bypass security restrictions. The vulnerability is related to the jscript9legacy.dll library and the Antimalware Scan Interface (AMSI) in Microsoft Windows operating systems, which can lead to a violation of the data protection mechanism.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-693

Related Identifiers

BDU:2024-09309

CVE-2024-43584

Affected Products

Antimalware Scan Interface

Windows

Windows Scripting Engine

Jscript9Legacy.Dll

PT-2024-7809 · Microsoft · Windows+3

CVE-2024-43584

Weakness Enumeration

Related Identifiers

Affected Products

References · 10