Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-34713

Published: 09/08/2022 Updated: 31/05/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Microsoft

Vulnerability Summary

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft windows 10 -

microsoft windows 10 1607

microsoft windows server 2008 r2

microsoft windows 7 -

microsoft windows server 2012 r2

microsoft windows server 2016 -

microsoft windows rt 8.1 -

microsoft windows server 2012 -

microsoft windows 8.1 -

microsoft windows server 2019 -

microsoft windows 10 1809

microsoft windows server 2016 20h2

microsoft windows 10 20h2

microsoft windows 10 21h1

microsoft windows server 2022 -

microsoft windows 11 -

microsoft windows 10 21h2

Github Repositories

https://github.com/j00sean/CVE-2022-44666

Write-up for another forgotten Windows vulnerability (0day): Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape, which was not fully fixed as CVE-2022-44666 in the patches released on December, 2022.

Microsoft Windows Contacts (VCF/Contact/LDAP) syslink control href attribute escape vulnerability (CVE-2022-44666) (0day) This is the story about another forgotten 0day fully disclosed more than 4 years ago by John Page (aka hyp3rlinx) To understand the report, you have to consider i'm stupid :-) And my stupidicity drives me to take longer paths to solve simple issues, b

Recent Articles

IT threat evolution in Q3 2022. Non-mobile statistics
Securelist • AMR • 18 Nov 2022

IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...

Read more...
Patch Tuesday: Yet another Microsoft RCE bug under active exploit
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Oh, and that critical VMware auth bypass vuln? Miscreants found it, too Security News Poll

August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too.  Let's start off with Microsoft's 121 security holes, which are the most interesting of the ever-growing, second-Tuesday patch party. Plus, they include one that Redmond lists as under active attack and a second that it says is also publicly known. Of the 121 Microsoft bugs, 17 are considered critical. Both of the bugs listed as publicly known are ranked as ...

Read more...

References

NVD-CWE-noinfohttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713https://nvd.nist.govhttps://github.com/j00sean/CVE-2022-44666https://www.theregister.co.uk/2022/08/09/august_patch_tuesday_microsoft/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook