Lucene search
Wenguang JiaoZDI-21-421HistoryApr 19, 2021 - 12:00 a.m.
Microsoft Windows Raw Image Extension CR3 File Parsing Type Confusion Remote Code Execution Vulnerability
2021-04-1900:00:00
Wenguang Jiao
www.zerodayinitiative.com
147
0.009 Low
EPSS
Percentile
83.2%
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Raw Image Extension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CR3 images. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current user at low integrity.
Related
nvd
nvd
CVE-2021-28468
2021-04-13 20:15:20
cvelist
cvelist
CVE-2021-28468 Raw Image Extension Remote Code Execution Vulnerability
2021-04-13 19:33:41
mscve
mscve
Raw Image Extension Remote Code Execution Vulnerability
2021-04-13 07:00:00
cve
cve
CVE-2021-28468
2021-04-13 20:15:20
prion
prion
Remote code execution
2021-04-13 20:15:00
nessus
nessus
Microsoft Windows Raw Image Extensions Library RCEs (April 2021)
2021-04-13 00:00:00
kaspersky
kaspersky
KLA12139 Multiple vulnerabilities in Microsoft Windows
2021-04-13 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - April 2021
2021-04-13 17:37:00