CVSS3
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
AI Score
Confidence: High
EPSS
Percentile: 23.6%
An information disclosure vulnerability exists in Windows Snip & Sketch (Windows 10) and Snipping Tool (Windows 11) where parts of a cropped image that were to be removed are not completely deleted and can be restored if saved to the cropped image file.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(177217);
  script_version("1.3");

  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/27");

  script_cve_id("CVE-2023-28303");

  script_name(english:"Windows Snip & Sketch/ Snipping Tool CVE-2023-28303 (Acropalypse)");

  script_set_attribute(attribute:"synopsis", value:
"The remote windows host has an application installed that is affected by an information disclosure vulnerability.");
  script_set_attribute(attribute:"description", value:
"An information disclosure vulnerability exists in Windows Snip & Sketch (Windows 10) and Snipping Tool (Windows 11)
where parts of a cropped image that were to be removed are not completely deleted and can be restored if saved to the
cropped image file.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28303
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ad297874");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Snip & Sketch 10.2008.3001.0 for Windows 10, Snipping Tool 11.2302.20.0 for Windows 11, or later.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-28303");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/03/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/06/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:snip_and_sketch");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_hotfixes.nasl", "wmi_enum_windows_app_store.nbin");
  script_require_keys("SMB/Registry/Enumerated", "WMI/Windows App Store/Enumerated");
  script_require_ports(139, 445);

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var apps = ['Microsoft.ScreenSketch'];

var app_info = vcf::microsoft_appstore::get_app_info(app_list:apps);

vcf::check_granularity(app_info:app_info, sig_segments:3);

var constraints;
var host_os = get_kb_item('WMI/Host/OS');

if (host_os =~ 'Windows 10')
{
  constraints = [
    {'fixed_version': '10.2008.3001.0'}
  ];
}
else if (host_os =~ 'Windows 11')
{
  constraints = [
    {'fixed_version': '11.2302.20.0'}
  ];
}

vcf::microsoft_appstore::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);
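
The plugin above only compares the app's self-reported version, so it says nothing about images already saved by an affected build. The Python sketch below is an added example, not part of the Tenable plugin: it flags PNG files that carry bytes after the IEND chunk, which is how the leftover data from this issue is publicly documented to appear (an assumption, not stated on this page). All function names and the sample images are constructed for illustration, and a hit is a triage signal only, since other tools can also append data to a PNG.

```python
import struct
import zlib
from pathlib import Path

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def trailing_bytes_after_iend(data):
    """Count bytes that follow the first IEND chunk of a PNG."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # length field + type + payload + CRC
        if end > len(data):
            break
        if ctype == b"IEND":
            return len(data) - end
        pos = end
    raise ValueError("no complete IEND chunk")

def find_suspect_pngs(root):
    """Map each PNG under root that has trailing bytes to the byte count."""
    hits = {}
    for path in Path(root).rglob("*.png"):
        try:
            extra = trailing_bytes_after_iend(path.read_bytes())
        except (ValueError, OSError):
            continue  # unreadable or malformed: out of scope here
        if extra:
            hits[str(path)] = extra
    return hits

def chunk(ctype, payload=b""):
    """Build one PNG chunk: length, type, payload, CRC."""
    crc = zlib.crc32(ctype + payload)
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def make_png(width, height):
    """Constructed sample: 8-bit grayscale PNG with a stored (level 0) IDAT."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    rows = b"".join(b"\x00" + b"\x7f" * width for _ in range(height))
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(rows, 0)) + chunk(b"IEND")

def overwrite_without_truncate(old, new):
    """Model of the flaw: new image written over the old file, old tail kept."""
    return new + old[len(new):]
```

Files reported by `find_suspect_pngs` can be re-saved with a fixed version of the app, or with any tool that writes a fresh file, before they are shared.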