CVE-2024-23440

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Published Feb 13, 2024

CWE ID 125

Summary

CVE-2024-23440 is a newly disclosed vulnerability affecting Vba32 Antivirus v3.36.0. The issue lies in the Vba32m64.sys driver, which is susceptible to an Arbitrary Memory Read vulnerability. An attacker can exploit the 0x22200B IOCTL code to read up to 0x802 bytes of memory from a user-supplied pointer, potentially leading to information disclosure or other malicious activities. This vulnerability poses a significant risk and requires immediate attention from users and administrators to apply available patches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uKz9wd
https://www.cve.org/CVERecord?id=CVE-2024-23440
https://nvd.nist.gov/vuln/detail/CVE-2024-23440

Back to Vulnerability Database

CVE-2024-23440

CVSS 3.1 Score 6.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations