CVE-2024-10972

CVSS V2 None CVSS V3 None
Description
Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine.  A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations.
Overview
  • CVE ID
  • CVE-2024-10972
  • Assigner
  • rapid7
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-16T14:49:07.294Z
  • Last Modified Date
  • 2024-12-16T15:58:46.687Z
References
History
Created Old Value New Value Data Type Notes
2024-12-17 13:27:12 Added to TrackCVE