CVE-2024-23440
Vba32 Antivirus v3.36.0 - Arbitrary Memory Read
Severity Score
6.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.
Vba32 Antivirus v3.36.0 es afectado por una vulnerabilidad de lectura de memoria arbitraria. El código IOCTL 0x22200B del controlador Vba32m64.sys permite leer hasta 0x802 de memoria desde un puntero arbitrario proporcionado por el usuario.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-01-16 CVE Reserved
- 2024-02-13 CVE Published
- 2024-02-14 EPSS Updated
- 2024-08-01 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
- CAPEC-540: Overread Buffers
References (2)
| URL | Tag | Source |
|---|---|---|
| https://fluidattacks.com/advisories/adderley | Third Party Advisory | |
| https://www.anti-virus.by/vba32 | Product |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| VirusBlokAda Search vendor "VirusBlokAda" | Vba32 Antivirus Search vendor "VirusBlokAda" for product "Vba32 Antivirus" | 3.36.0 Search vendor "VirusBlokAda" for product "Vba32 Antivirus" and version "3.36.0" | en |
Affected
| ||||||