CVE-2024-38177— Windows App Installer Spoofing Vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-38177
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Windows App Installer Spoofing Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
Windows App Installer Spoofing Vulnerability
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
对输出编码和转义不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Microsoft Windows App Installer 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Microsoft Windows App Installer是美国微软(Microsoft)公司的一个随 Windows 10 和 Windows 11 操作系统提供的工具,它允许用户通过双击 .msix 或 .msixbundle 文件来轻松安装应用程序。这个工具支持从 Web、可选包和相关的集中安装应用,并且可以下载应用安装程序以便在企业中离线使用。 Microsoft Windows App Installer存在安全漏洞。攻击者利用该漏洞执行欺骗攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Microsoft | App Installer | 1.0.0.0 ~ 1.22.11261.0 | - |
II. Public POCs for CVE-2024-38177
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-38177
请登录查看更多情报信息。
Vendor Advisories for CVE-2024-38177 (1)
Same Patch Batch · Microsoft · 2024-08-13 · 82 CVEs total
| CVE-2024-38063 | 9.8 CRITICAL | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2024-38199 | 9.8 CRITICAL | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |
| CVE-2024-38140 | 9.8 CRITICAL | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
| CVE-2024-38108 | 9.3 CRITICAL | Azure Stack Hub Spoofing Vulnerability |
| CVE-2024-38159 | 9.1 CRITICAL | Windows Network Virtualization Remote Code Execution Vulnerability |
| CVE-2024-38160 | 9.1 CRITICAL | Windows Network Virtualization Remote Code Execution Vulnerability |
| CVE-2024-38109 | 9.1 CRITICAL | Azure Health Bot Elevation of Privilege Vulnerability |
| CVE-2024-38115 | 8.8 HIGH | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| CVE-2024-38131 | 8.8 HIGH | Clipboard Virtual Channel Extension Remote Code Execution Vulnerability |
| CVE-2024-38128 | 8.8 HIGH | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38130 | 8.8 HIGH | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38120 | 8.8 HIGH | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38189 | 8.8 HIGH | Microsoft Project Remote Code Execution Vulnerability |
| CVE-2024-38121 | 8.8 HIGH | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38154 | 8.8 HIGH | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| CVE-2024-38144 | 8.8 HIGH | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38116 | 8.8 HIGH | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| CVE-2024-38114 | 8.8 HIGH | Windows IP Routing Management Snapin Remote Code Execution Vulnerability |
| CVE-2024-38180 | 8.8 HIGH | Windows SmartScreen Security Feature Bypass Vulnerability |
| CVE-2024-38211 | 8.2 HIGH | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Showing top 20 of 82 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: Microsoft
- CVE-2026-42901
Microsoft Entra ID Elevation of Privilege Vulnerability - CVE-2026-23663
Microsoft Global Secure Access (GSA) Information Disclosure - CVE-2026-41104
Microsoft Planetary Computer Pro Information Disclosure Vuln - CVE-2026-45659
Microsoft SharePoint Remote Code Execution Vulnerability - CVE-2026-26147
Azure Stack HCI Information Disclosure Vulnerability
Same weakness: CWE-116
- CVE-2026-9354
NousResearch hermes-agent Slack Agent/Mattermost Agent escap - CVE-2026-26028
CryptPad: Sanitizer Bypass in Diffmarked.js Allows Arbitrary - CVE-2026-42810
Apache Polaris: could broaden vended S3 credentials through - CVE-2026-42040
Axios: Null Byte Injection via Reverse-Encoding in AxiosURLS - CVE-2026-40567
FreeScout has HTML Injection in Outgoing Emails via Unsaniti
V. Comments for CVE-2024-38177
No comments yet