CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38177 – Windows App Installer Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-38177
13 Aug 2024 — Windows App Installer Spoofing Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38177 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.1EPSS: 14%CPEs: 13EXPL: 1CVE-2021-43890 – Microsoft Windows AppX Installer Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2021-43890
15 Dec 2021 — We have investigated reports of a spoofing vulnerability in AppX installer that affects Microsoft Windows. Microsoft is aware of attacks that attempt to exploit this vulnerability by using specially crafted packages that include the malware family known as Emotet/Trickbot/Bazaloader. An attacker could craft a malicious attachment to be used in phishing campaigns. The attacker would then have to convince the user to open the specially crafted attachment. Users whose accounts are configured to have fewer user... • https://github.com/ChrisTitusTech/winutil/pull/26 •