| CVE ID | CVE-2024-45301 |
| CVSS SCORE | 5.3, AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N |
| AFFECTED VENDORS |
Mintty |
| AFFECTED PRODUCTS |
Mintty |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Mintty. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of printed characters. Crafted sequences of escape characters can cause the product to fetch a resource from an arbitrary path. An attacker can leverage this vulnerability to relay NTLM credentials in the context of the current user. |
| ADDITIONAL DETAILS |
Fixed in version 3.7.5 |
| DISCLOSURE TIMELINE |
|
| CREDIT | solid-snail |
