Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiPeter Girnus (gothburz) of Trend Micro's Zero Day InitiativeZDI-24-361
HistoryApr 09, 2024 - 12:00 a.m.

Microsoft Windows Internet Shortcut SmartScreen Bypass Vulnerability

2024-04-0900:00:00
Peter Girnus (gothburz) of Trend Micro's Zero Day Initiative
www.zerodayinitiative.com
19
microsoft windows
smartscreen
bypass
vulnerability
remote attackers
arbitrary code
user interaction
malicious page
malicious file
internet shortcut
security check
chained files
execute code

7.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.5%

JSON

This vulnerability allows remote attackers to bypass the SmartScreen security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Internet Shortcut (.URL) files. The issue results from the lack of a security check on chained Internet Shortcut files. An attacker can leverage this vulnerability to execute code in the context of the current user.

Related

cvelist 1
cve 1
vulnrichment 1
githubexploit 1
mscve 1
nvd 1
attackerkb 1
malwarebytes 1
cisa_kev 1
thn 1
krebs 1
qualysblog 1
mskb 6
openvas 4
nessus 6
kaspersky 1
rapid7blog 1
cvelist
cvelist
CVE-2024-29988 SmartScreen Prompt Security Feature Bypass Vulnerability
2024-04-09 17:00:35
cve
cve
CVE-2024-29988
2024-04-09 17:16:01
vulnrichment
vulnrichment
CVE-2024-29988 SmartScreen Prompt Security Feature Bypass Vulnerability
2024-04-09 17:00:35
githubexploit
githubexploit
Exploit for Protection Mechanism Failure in Microsoft
2024-05-03 12:17:25
mscve
mscve
SmartScreen Prompt Security Feature Bypass Vulnerability
2024-04-09 07:00:00
nvd
nvd
CVE-2024-29988
2024-04-09 17:16:01
attackerkb
attackerkb
CVE-2024-29988
2024-04-09 00:00:00
malwarebytes
malwarebytes
Microsoftโ€™s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities
2024-04-11 08:23:55
cisa_kev
cisa_kev
Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability
2024-04-30 00:00:00
thn
thn
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
2024-04-10 04:57:00
krebs
krebs
Aprilโ€™s Patch Tuesday Brings Record Number of Fixes
2024-04-09 20:28:17
qualysblog
qualysblog
Microsoft and Adobe Patch Tuesday, April 2024 Security Update Review
2024-04-09 19:23:40
mskb
mskb
April 9, 2024โ€”KB5036893 (OS Builds 22621.3447 and 22631.3447)
2024-04-09 07:00:00
April 9, 2024โ€”KB5036892 (OS Builds 19044.4291 and 19045.4291)
2024-04-09 07:00:00
April 9, 2024โ€”KB5036894 (OS Build 22000.2899)
2024-04-09 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5036892)
2024-04-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5036893)
2024-04-10 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5036894)
2024-04-10 00:00:00
nessus
nessus
KB5036892: Windows 10 Version 21H2 / Windows 10 Version 22H2 Security Update (April 2024)
2024-04-09 00:00:00
KB5036893: Windows 11 version 22H2 Security Update (April 2024)
2024-04-09 00:00:00
KB5036894: Windows 11 version 21H2 Security Update (April 2024)
2024-04-09 00:00:00
kaspersky
kaspersky
KLA65511 Multiple vulnerabilities in Microsoft Windows
2024-04-09 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - April 2024
2024-04-09 20:28:17

7.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.5%

JSON
Related for ZDI-24-361
cvelist1cve1vulnrichment1githubexploit1mscve1nvd1attackerkb1malwarebytes1cisa_kev1thn1krebs1qualysblog1mskb6openvas4nessus6kaspersky1rapid7blog1