CVE-2024-38112 - Vulnerability Details

Windows MSHTML Platform Spoofing Vulnerability

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is in the KEV database since July 9, 2024.

The EPSS score is 0.92925.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Microsoft	Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 Windows 10 22h2 Windows 11 21h2 Windows 11 22h2 Windows 11 23h2 Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 2022 Windows Server 2022 23h2

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_10_1507::::::::
	cpe:2.3:o:microsoft:windows_10_1607:::::::x64:*
	cpe:2.3:o:microsoft:windows_10_1607:::::::x86:*
	cpe:2.3:o:microsoft:windows_10_1809:::::::x64:*
	cpe:2.3:o:microsoft:windows_10_1809:::::::x86:*
	cpe:2.3:o:microsoft:windows_10_21h2::::::::
	cpe:2.3:o:microsoft:windows_10_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_21h2::::::::
	cpe:2.3:o:microsoft:windows_11_22h2::::::::
	cpe:2.3:o:microsoft:windows_11_23h2::::::::
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016::::::::
	cpe:2.3:o:microsoft:windows_server_2019::::::::
	cpe:2.3:o:microsoft:windows_server_2022::::::::
	cpe:2.3:o:microsoft:windows_server_2022_23h2::::::::

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38112

History

Tue, 21 Oct 2025 23:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38112

Tue, 21 Oct 2025 20:30:00 +0000

Type	Values Removed	Values Added
References	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38112

Tue, 21 Oct 2025 19:30:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-38112

Mon, 27 Jan 2025 22:00:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:microsoft:windows_10_1607:::::::: cpe:2.3:o:microsoft:windows_10_1809::::::::	cpe:2.3:o:microsoft:windows_10_1607:::::::x64:* cpe:2.3:o:microsoft:windows_10_1607:::::::x86:* cpe:2.3:o:microsoft:windows_10_1809:::::::x64:* cpe:2.3:o:microsoft:windows_10_1809:::::::x86:*

Tue, 10 Dec 2024 18:00:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20710::::::x64: cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20710::::::x86: cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7159::::::x64: cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7159::::::x86: cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6054::::::x64: cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6054::::::x86: cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.4651::::::arm64: cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.4651::::::x64: cpe:2.3:o:microsoft:windows_10_21H2:10.0.19044.4651::::::x86: cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.4651::::::arm64: cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.4651::::::x64: cpe:2.3:o:microsoft:windows_10_22H2:10.0.19045.4651::::::x86: cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.3079::::::arm64: cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.3079::::::x64: cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3880::::::arm64: cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3880::::::x64: cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3880::::::arm64: cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3880::::::x64: cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.22769::::::x64: cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.22769::::::x86: cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.22074::::::x64: cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7159:::::::* cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6054:::::::* cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2582:::::::* cpe:2.3:o:microsoft:windows_server_23h2:10.0.25398.1009:::::::*
Vendors & Products	Microsoft windows 10 21h2 Microsoft windows 10 22h2 Microsoft windows 11 21h2 Microsoft windows 11 22h2 Microsoft windows 11 23h2 Microsoft windows Server 2008 Sp2 Microsoft windows Server 2012 R2 Microsoft windows Server 23h2

Wed, 09 Oct 2024 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2024-07-09'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 08 Oct 2024 16:30:00 +0000

Type	Values Removed	Values Added
CPEs	cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6054::::::arm64:

Wed, 14 Aug 2024 17:15:00 +0000

Type	Values Removed	Values Added
Weaknesses	NVD-CWE-noinfo	NVD-CWE-Other

Wed, 14 Aug 2024 08:30:00 +0000

Type	Values Removed	Values Added
Metrics	kev `{'dateAdded': '2024-07-09'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2024-07-09T17:02:38.208Z

Updated: 2025-10-21T22:55:49.972Z

Reserved: 2024-06-11T22:36:08.189Z

Link: CVE-2024-38112

Vulnrichment

Updated: 2024-08-02T04:04:25.292Z

NVD

Status : Analyzed

Published: 2024-07-09T17:15:47.860

Modified: 2025-10-28T14:23:12.990

Link: CVE-2024-38112

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object