CVE-2023-29366

Windows Geolocation Service Remote Code Execution Vulnerability

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 10 21h2 HwPlatformarm64 Version < 10.0.19044.3087

Microsoft ≫ Windows 10 21h2 HwPlatformx64 Version < 10.0.19044.3087

Microsoft ≫ Windows 10 21h2 HwPlatformx86 Version < 10.0.19044.3087

Microsoft ≫ Windows 10 22h2 HwPlatformarm64 Version < 10.0.19045.3087

Microsoft ≫ Windows 10 22h2 HwPlatformx64 Version < 10.0.19045.3087

Microsoft ≫ Windows 10 22h2 HwPlatformx86 Version < 10.0.19045.3087

Microsoft ≫ Windows 11 21h2 HwPlatformarm64 Version < 10.0.22000.2057

Microsoft ≫ Windows 11 21h2 HwPlatformx64 Version < 10.0.22000.2057

Microsoft ≫ Windows 11 22h2 HwPlatformarm64 Version < 10.0.22621.1848

Microsoft ≫ Windows 11 22h2 HwPlatformx64 Version < 10.0.22621.1848

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.13%	0.777

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-415 Double Free

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Patch

Vendor Advisory

CVE Source (NVD)

CVE Source (JSON)

EUVD