Out-of-bounds Read (CWE-125)
Microsoft Windows Codecs Library contains an information disclosure vulnerability, tracked as CVE-2024-38056, caused by an out-of-bounds read (CWE-125) in the Windows Codecs Library. It affects multiple Windows releases, including various versions of Windows 10, Windows 11, and Windows Server.
An attacker who successfully exploits this vulnerability could gain access to sensitive information. The vulnerability has a high impact on confidentiality but no impact on integrity or availability. The attack vector is local, requiring low privileges and no user interaction, so an attacker would already need some form of local, low-privileged access to the target system before exploiting it.
There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the moment.
A patch is available. Microsoft has released updates to address this vulnerability across affected Windows versions. Specific version numbers for the patches are provided for each affected Windows version, such as 10.0.17763.6054 for Windows Server 2019 and Windows 10 version 1809, 10.0.20348.2582 for Windows Server 2022, 10.0.19044.4651 for Windows 10 version 21H2, and so on.
To mitigate this vulnerability, apply the latest security updates provided by Microsoft for the affected Windows versions. Prioritize by the criticality of the systems and the sensitivity of the data they handle. Ensure that all instances of Windows Server 2019, 2022, 2016, 2012, Windows 10 (versions 21H2, 1809, 1507, 1607, 22H2), and Windows 11 (versions 22H2, 21H2, 23H2) are updated to the versions specified in the patch details. Additionally, apply the principle of least privilege to minimize the potential impact of a successful exploit.
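Verifying that a fleet is actually at the fixed build is the practical part of the mitigation above. The following Python is an added example, not code from Microsoft or from this advisory: it compares a Windows build string (major.minor.build.UBR) against the three patched builds the advisory quotes explicitly. The third component identifies the Windows release and the fourth (the UBR, "update build revision") the cumulative update level, so a host is patched when its release is in the table and its UBR is at or above the fixed one. Releases whose fixed build the advisory elides are not in the table and are reported as unknown rather than guessed; the inventory in the `__main__` block and its hostnames are constructed sample data.

```python
"""Check Windows build strings against the patched builds listed for
CVE-2024-38056.  Added example, not Microsoft's or the advisory's own code."""

# Build numbers taken from the advisory text.  Releases whose fixed build the
# advisory does not state ("and so on") are deliberately absent; extend this
# table from Microsoft's update notes before relying on it for other releases.
PATCHED_BUILDS = {
    17763: ("Windows Server 2019 / Windows 10 version 1809", 6054),
    20348: ("Windows Server 2022", 2582),
    19044: ("Windows 10 version 21H2", 4651),
}


def parse_build(version):
    """Split '10.0.17763.6054' into a (major, minor, build, ubr) tuple.

    Raises ValueError for anything that is not four dot-separated integers,
    so a garbled inventory record cannot silently pass as 'patched'.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Windows build string: {version!r}")
    return tuple(int(p) for p in parts)


def patch_status(version):
    """Return 'patched', 'vulnerable' or 'unknown' for one build string.

    'unknown' means the release is not in PATCHED_BUILDS; treat that as
    unverified, never as safe.
    """
    major, minor, build, ubr = parse_build(version)
    if (major, minor) != (10, 0) or build not in PATCHED_BUILDS:
        return "unknown"
    _release_name, fixed_ubr = PATCHED_BUILDS[build]
    return "patched" if ubr >= fixed_ubr else "vulnerable"


def triage(inventory):
    """Map each host in a {hostname: build_string} inventory to its status."""
    return {host: patch_status(build) for host, build in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and UBR values are illustrative.
    sample = {
        "dc01":   "10.0.17763.6054",  # Server 2019 exactly at the fixed UBR
        "app02":  "10.0.17763.5936",  # Server 2019 behind the fix
        "file03": "10.0.20348.2700",  # Server 2022 newer than the fix
        "wks04":  "10.0.22621.3737",  # a release the table does not cover
    }
    for host, status in triage(sample).items():
        print(f"{host:8} {sample[host]:18} {status}")
```

On a Windows host the input string can be assembled from the `CurrentBuild` and `UBR` values under `HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion` (for example with `Get-ItemProperty` in PowerShell); `[Environment]::OSVersion` alone does not expose the UBR, which is the component that distinguishes a patched build from an unpatched one of the same release.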
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Detection for the vulnerability has been added to Qualys (92149)
A CVSS base score of 5.5 has been assigned.
NVD published the first details for CVE-2024-38056
Feedly found the first article mentioning CVE-2024-38056.
Feedly estimated the CVSS score as MEDIUM
EPSS Score was set to: 0.04% (Percentile: 9.2%)