Malicious PyPI Library Solana Steals Blockchain Wallet Keys from Users
August 12, 2024EastWind Campaign Uses Malicious LNK Files to Install PlugY and GrewApacha Backdoors – Active IOCs
August 12, 2024Malicious PyPI Library Solana Steals Blockchain Wallet Keys from Users
August 12, 2024EastWind Campaign Uses Malicious LNK Files to Install PlugY and GrewApacha Backdoors – Active IOCs
August 12, 2024Severity
High
Analysis Summary
CVE-2024-38218 CVSS:8.4
Microsoft Edge (HTML-based) could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-38200 CVSS:7.5
Microsoft Office could allow a remote attacker to conduct spoofing attacks.
CVE-2024-38219 CVSS:6.5
Microsoft Edge (Chromium-based) could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
Indicators of Compromise
CVE
- CVE-2024-38218
- CVE-2024-38200
- CVE-2024-38219
Affected Vendors
Affected Products
- Microsoft Office 2019
- Microsoft Edge (Chromium-based) 127.0.2651.98
- Microsoft 365 Apps for Enterprise
- Microsoft Office LTSC 2021
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.