| CVE ID | CVE-2024-49082 |
| CVSS SCORE | 6.8, AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N |
| AFFECTED VENDORS |
Microsoft |
| AFFECTED PRODUCTS |
Windows |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to delete arbitrary files or disclose sensitive information on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability. The specific flaw exists within the handling of filenames. The issue results from the lack of proper validation of filenames originating from untrusted sources, which may contain path traversal characters. An attacker can leverage this vulnerability to delete files or disclose information in the context of the current user. |
| ADDITIONAL DETAILS |
Microsoft has issued an update to correct this vulnerability. More details can be found at:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49082 |
| DISCLOSURE TIMELINE |
|
| CREDIT | st4nly0n |
