CVE-2024-21412
HIGH KEV RANSOMWAREInternet Shortcut Files - Privilege Escalation
Title source: llmDescription
Internet Shortcut Files Security Feature Bypass Vulnerability
Exploits (2)
nomisec
WORKING POC
9 stars
by lsr00ter · poc
https://github.com/lsr00ter/CVE-2024-21412_Water-Hydra
patchapalooza
WORKING POC
by auditor-kbfg · client-side
https://github.com/auditor-kbfg/Pentest_Training
Scores
CVSS v3
8.1
EPSS
0.9377
EPSS Percentile
99.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Details
CISA KEV
2024-02-13
VulnCheck KEV
2024-02-13
InTheWild.io
2024-02-13
ENISA EUVD
EUVD-2024-19121
Ransomware Use
Confirmed
CWE
CWE-693
Status
published
Products (9)
microsoft/windows_10_1809
< 10.0.17763.5458
microsoft/windows_10_21h2
< 10.0.19044.4046
microsoft/windows_10_22h2
< 10.0.19045.4046
microsoft/windows_11_21h2
< 10.0.22000.2777
microsoft/windows_11_22h2
< 10.0.22621.3155
microsoft/windows_11_23h2
< 10.0.22631.3155
microsoft/windows_server_2019
< 10.0.17763.5458
microsoft/windows_server_2022
< 10.0.20348.2322
microsoft/windows_server_2022_23h2
< 10.0.25398.709
Published
Feb 13, 2024
KEV Added
Feb 13, 2024
Tracked Since
Feb 18, 2026