CVE-2024-6769
8.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Windows 10 | 10.0.0 | affected |
| Microsoft | Windows 11 | 10.0.0 | affected |
| Microsoft | Windows Server 2016 | 10.0.0 | affected |
| Microsoft | Windows Server 2019 | 10.0.0 | affected |
| Microsoft | Windows Server 2022 | 10.0.0 | affected |
Weaknesses
- CWE-426: CWE-426 Untrusted Search Path
- CWE-427: CWE-427 Uncontrolled Search Path Element
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.