Windows-clfs.sys-二进制-越界写入

高危

Severity and Metrics

Base Score： —

Vector： —

Impact Score： —

Exploitability Score： —

Windows-clfs.sys-二进制-越界写入

EXP

EXP/POC/漏洞分析下载发布时间：2024-12-16 09:58:15 更新时间：2024-12-16 09:58:15

应用类型：操作系统

漏洞类型：越界写入

提交时间：2024-12-13 16:28:29

发现时间：2024-12-13 00:00:00

漏洞描述

Windows CLFS驱动存在一处漏洞，成功利用该漏洞可实现特权提升

相关编号

CVE编号：CVE-2024-49138

CNNVD编号：—

CNVD编号：—

影响版本

Windows 11 Version 22H2 for x64-based Systems Windows 11 Version 22H2 for ARM64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Windows Server 2008 R2 for x64-based Systems Service Pack 1 Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Windows Server 2008 for x64-based Systems Service Pack 2 Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Windows Server 2008 for 32-bit Systems Service Pack 2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems

前置条件

无

影响后果

特权升级

补丁修复信息

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138

Exp漏洞截图及验证视频

Poc漏洞截图及验证视频

操作记录

2024-12-13 16:28:29

提交漏洞

2024-12-16 09:52:31

审核漏洞

2024-12-16 09:58:15

发布漏洞

近期提交漏洞

S2-067-FileUploadInterceptor-目录遍历 Windows-clfs.sys-二进制-越界写入 H3C SecCenter SMP(安全管理平台)-前台-文件上传 Windows-srv2.sys-二进制-空指针取消引用 WordPress-Enable Media Replace插件-文件上传

安全星图平台专注于威胁情报的收集、处理、分析、应用，定期提供高质量的威胁情报。