CVE-2024-43621
published 2024-11-12CVE-2024-43621: Windows Telephony Service Remote Code Execution Vulnerability
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Windows Telephony Service Remote Code Execution Vulnerability
Affected
47 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.20826 | 10.0.10240.20826 |
| microsoft | windows_10_1607 | < 10.0.14393.7515 | 10.0.14393.7515 |
| microsoft | windows_10_1809 | < 10.0.17763.6532 | 10.0.17763.6532 |
| microsoft | windows_10_21h2 | < 10.0.19044.5131 | 10.0.19044.5131 |
| microsoft | windows_10_22h2 | < 10.0.19045.5131 | 10.0.19045.5131 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20826 | 10.0.10240.20826 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.7515 | 10.0.14393.7515 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6532 | 10.0.17763.6532 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.5131 | 10.0.19044.5131 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.5131 | 10.0.19045.5131 |
| microsoft | windows_11_22h2 | < 10.0.22621.4460 | 10.0.22621.4460 |
| microsoft | windows_11_23h2 | < 10.0.22631.4460 | 10.0.22631.4460 |
| microsoft | windows_11_24h2 | < 10.0.26100.2314 | 10.0.26100.2314 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4460 | 10.0.22621.4460 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4460 | 10.0.22631.4460 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4460 | 10.0.22631.4460 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.2314 | 10.0.26100.2314 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.27415 | 6.1.7601.27415 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.22966 | 6.0.6003.22966 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.25165 | 6.2.9200.25165 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.22267 | 6.3.9600.22267 |
| microsoft | windows_server_2016 | < 10.0.14393.7515 | 10.0.14393.7515 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7515 | 10.0.14393.7515 |
Microsoft
Windows Telephony Service Remote Code Execution Vulnerability
vendor_msrc·2024-11-12·CVSS 8.8
CVE-2024-43621 [HIGH] CWE-122 Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client.
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.
Windows Telephony Service: Windows Telephony Service
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Ex
GHSA
GHSA-rgwg-49qg-75jg: Windows Telephony Service Remote Code Execution Vulnerability
ghsa_unreviewed·2024-11-12
CVE-2024-43621 [HIGH] CWE-122 GHSA-rgwg-49qg-75jg: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
No detection rules found.
No public exploits indexed.
2024-11-12
Published