CVE-2024-49079

HIGH

Windows 10 1507-22H2, Windows 11 22H2-24H2, Windows Server 2012-2016 - Remote Code Execution via IME Use-After-Free

Title source: llm
STIX 2.1

Description

Input Method Editor (IME) Remote Code Execution Vulnerability

References (1)

Core 1
Core References

Scores

CVSS v3 7.8
EPSS 0.0095
EPSS Percentile 57.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-416
Status published
Products (36)
Microsoft/Windows 10 Version 1507 10.0.10240.0 - 10.0.10240.20857
Microsoft/Windows 10 Version 1607 10.0.14393.0 - 10.0.14393.7606
Microsoft/Windows 10 Version 1809 10.0.17763.0 - 10.0.17763.6659
Microsoft/Windows 10 Version 21H2 10.0.19043.0 - 10.0.19044.5247
Microsoft/Windows 10 Version 22H2 10.0.19045.0 - 10.0.19045.5247
Microsoft/Windows 11 version 22H2 10.0.22621.0 - 10.0.22621.4602
Microsoft/Windows 11 version 22H3 10.0.22631.0 - 10.0.22631.4602
Microsoft/Windows 11 Version 23H2 10.0.22631.0 - 10.0.22631.4602
Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.2605
Microsoft/Windows Server 2012 6.2.9200.0 - 6.2.9200.25222
... and 26 more
Published Dec 12, 2024
Tracked Since Feb 18, 2026