www.cvedetails.com
Open in
urlscan Pro
104.18.28.89
Public Scan
Submitted URL: http://cvedetails.com/cve/CVE-2024-38077/?q=CVE-2024-38077
Effective URL: https://www.cvedetails.com/cve/CVE-2024-38077/?q=CVE-2024-38077
Submission: On August 12 via api from DE — Scanned from DE
Effective URL: https://www.cvedetails.com/cve/CVE-2024-38077/?q=CVE-2024-38077
Submission: On August 12 via api from DE — Scanned from DE
Form analysis
1 forms found in the DOMName: vulnautocompletesearchform — GET /google-search-results.php
<form class="form w-100" action="/google-search-results.php" method="get" onsubmit="return onvulnautocompletesearchformsubmit()" name="vulnautocompletesearchform" id="vulnautocompletesearchform">
<div id="unifiedsearchbox" class="w-100">
<div class="input-group">
<span class="input-group-text bg-white" id="unified-search-icon"><i class="fas fa-search"></i></span>
<input class="form-control border-start-0 ui-autocomplete-input" id="unifiedsearchinput" name="q" aria-label="Search" aria-describedby="unified-search-icon" placeholder="CVE id, product, vendor..." autocomplete="off">
<input class="btn btn-primary" type="submit" value="Search">
</div>
</div>
</form>
Text Content
Documentation Documentation * Log in CVEdetails.com powered by SecurityScorecard Vulnerabilities By Date By Type Known Exploited Assigners CVSS Scores EPSS Scores Search Vulnerable Software Vendors Products Version Search Vulnerability Intel. Newsfeed Open Source Vulns Emerging CVEs Feeds Exploits Advisories Code Repositories Code Changes Attack Surface My Attack Surface Digital Footprint Discovered Products Detected Vulns IP Search Other Metasploit Modules CWE Definitions CAPEC Definitions Articles Blog VULNERABILITY DETAILS : CVE-2024-38077 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability Published 2024-07-09 17:15:42 Updated 2024-07-12 16:31:40 Source Microsoft Corporation View at NVD, CVE.org Vulnerability category: Execute code EXPLOIT PREDICTION SCORING SYSTEM (EPSS) SCORE FOR CVE-2024-38077 EPSS FAQ 0.10% Probability of exploitation activity in the next 30 days EPSS Score History ~ 42 % Percentile, the proportion of vulnerabilities that are scored at or less CVSS SCORES FOR CVE-2024-38077 Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9 Microsoft Corporation 2024-07-09 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/... N/A N/A MS-CVE-2024-38077 2024-07-09 Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High CWE IDS FOR CVE-2024-38077 * CWE-122 Heap-based Buffer Overflow A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). Assigned by: secure@microsoft.com (Secondary) REFERENCES FOR CVE-2024-38077 * https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077 CVE-2024-38077 - Security Update Guide - Microsoft - Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability Patch;Vendor Advisory PRODUCTS AFFECTED BY CVE-2024-38077 * Microsoft » Windows Server 2008 » Version: N/A Update SP2 For X64 cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:* Matching versions * Microsoft » Windows Server 2008 » Version: N/A Update SP2 For X86 cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:* Matching versions * Microsoft » Windows Server 2008 » Version: R2 Update SP1 For X64 cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* Matching versions * Microsoft » Windows Server 2012 » Version: N/A cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* Matching versions * Microsoft » Windows Server 2012 » Version: R2 cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* Matching versions * Microsoft » Windows Server 2016 Versions before (<) 10.0.14393.7159 cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* Matching versions * Microsoft » Windows Server 2019 Versions before (<) 10.0.17763.6054 cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* Matching versions * Microsoft » Windows Server 2022 23h2 Versions before (<) 10.0.25398.1009 cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* Matching versions * Microsoft » Windows Server 2022 Versions before (<) 10.0.20348.2582 cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* Matching versions About Terms of Use Privacy Policy CVE Help FAQ How it works SecurityScorecard 1140 Avenue of the Americas 19th Floor New York, NY 10036 info@securityscorecard.io United States: (800) 682-1707 International: +1(646) 809-2166 Products Solutions Customers Marketplace Partners Resources Company Trust Portal Security Ratings Login Blog Contact Careers Feedback This product uses data from the NVD API but is not endorsed or certified by the NVD. See NVD website for more information. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site. This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy. By using this web site you are agreeing to CVEdetails.com terms of use! Accept Close