Lucene search

Fluid AttacksCVELIST:CVE-2024-23441

HistoryJan 29, 2024 - 4:06 p.m.

CVE-2024-23441 Vba32 Antivirus v3.36.0 - Denial of Service (DoS)

2024-01-2916:06:17

CWE-400

Fluid Attacks

www.cve.org

vba32 antivirus

dos vulnerability

cve-2024-23441

vba32m64.sys driver

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.2%

JSON

Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "Windows"
    ],
    "product": "Vba32 Antivirus",
    "vendor": "VirusBlokAda",
    "versions": [
      {
        "status": "affected",
        "version": "3.36.0"
      }
    ]
  }
]

References

fluidattacks.com/advisories/rollins/

www.anti-virus.by/vba32

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2024-23441