Lucene search

Kaspersky LabKLA48687

HistoryMar 24, 2023 - 12:00 a.m.

KLA48687 OSI vulnerability in Microsoft Apps

2023-03-2400:00:00

Kaspersky Lab

threats.kaspersky.com

information disclosure

microsoft apps

vulnerability

malicious users

sensitive information

exploitation

osi

snipping tool

snip & sketch

windows 10

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

23.6%

JSON

An information disclosure vulnerability was found in Microsoft Apps. Malicious users can exploit this vulnerability to obtain sensitive information.

Original advisories

CVE-2023-28303

Related products

Microsoft-Windows

Microsoft-Windows-10

CVE list

CVE-2023-28303 warning

KB list

Solution

Update your apps from the Windows StoreSnip & Sketch

Snipping Tool

Impacts

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

Affected Products

Snipping ToolSnip & Sketch for Windows 10

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303

statistics.securelist.com/

threats.kaspersky.com/en/product/Microsoft-Windows-10/

threats.kaspersky.com/en/product/Microsoft-Windows/

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

23.6%

JSON

Related for KLA48687