Vulnerability details
Advisory: SB20241112106 - NTLMv2 hash disclosure in Microsoft Windows MSHTML component
Vulnerable component: Windows
CVE-ID: CVE-2024-43451
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:H/RL:O/RC:C
CWE-ID: CWE-200 - Information exposure
Description:
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to disclosure of a user's NTLMv2 hash. A remote attacker can trick the victim into visiting a specially crafted website and obtain their NTLMv2 hash.
Note, the vulnerability is being actively exploited in the wild.
External links:
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43451