CVE-2023-29360

CVE Published	2023-06-14
Related CWE(s)	CWE-822: Untrusted Pointer Dereference
Related Vendor(s)	microsoft
Related Product(s)	windows_11_22h2, windows_10_21h2, windows_11_21h2, windows_10_1809, windows_10_1607, windows_10_22h2, windows_server_2016, windows_server_2022, windows_server_2019
Exploitation Reported (CISA KEV)	2024-02-29
CVSS 3 Base Score	8.4 (HIGH)
CVSS 3 Attack Complexity	LOW
CVSS 3 Attack Vector	LOCAL

Microsoft Streaming Service Elevation of Privilege Vulnerability

Cyber Threat Graph Context

Explore how this CVE relates to the wider threat graph

Associated CAPEC Patterns

Pointer Manipulation (CAPEC-129)

This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.

References

CVE.org

View more information about CVE-2023-29360 on the official MITRE CVE website.

NIST National Vulnerability Database

CVE-2023-29360 on the NIST NVD.

CISA Known Exploited Vulnerabilities