⚠
Imported from CISA KEV catalog — never analyzed by ThreatLevel. This CVE is part of the CISA Known Exploited Vulnerabilities catalog. Only data from CISA KEV and NVD is shown below; no AI analysis or priority classification has been computed.
Summary
Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.
Classification
This CVE has no priority classification because it was imported directly from the CISA KEV catalog without running the AI analysis pipeline. CISA KEV listing implies active exploitation in the wild; treat with the urgency that implies.
Exploitation Details
Type
—
Is exploitable with default configuration?
?
Is authentication needed?
?
PoC / Exploit
No
Impact
—
Detection Resources
Manual Detection
0
Script Detection
0
Scanner Detection
0
Affected Software
Vendor:Microsoft
| Product | Affected Versions |
|---|---|
| Windows | Unknown |
Deployment:—
|Protocol:—
|Ports:—
Enterprise UsageEstimated likelihood that this vendor/product is deployed in enterprise environments. AI-generated estimation based on market presence, product type and adoption signals — not exact data.
Very Low
Low
Medium
High
Very High
Vendor Size:—
Vendor Notifications
Not availableRemediation
Workaround
Not available
Patch
Not available
Update
Not available
Threat Intelligence
EPSS Score10.8%
Probability of exploitation in the next 30 days
EPSS Percentile93%
Worse than 93% of all CVEs
Last updated: Loading...
CISA KEV
Listed
Loading...
Threat Actors
No known threat actors
Detection Rules
No detection rules available
NVD Data
Published: Loading...Modified: Loading...
Description Summary
CVSS Base Score
8.8
High
CVSS Vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Attack Vector (AV)
Physical
Local
Adjacent
Network
Attack Complexity (AC)
High
Low
Privileges Required (PR)
High
Low
None
User Interaction (UI)
Required
None
Scope (S)
Unchanged
Changed
Confidentiality (C)
None
Low
High
Integrity (I)
None
Low
High
Availability (A)
None
Low
High
CWE:CWE-451 User Interface (UI) Misrepresentation of Critical Information
|NVD:CVE-2024-43461
|Version From:—
|Version Upto:10.0.10240.20766, 10.0.10240.20766, 10.0.14393.7336, 10.0.14393.7336, 10.0.17763.6293, 10.0.19044.4894, 10.0.19045.4894, 10.0.19045.4894, 10.0.19045.4894, 10.0.22000.3197, 10.0.22621.4169, 10.0.22621.4169, 10.0.22631.4169, 10.0.26100.1742, 10.0.14393.7336, 10.0.17763.6293, 10.0.20348.2700, 10.0.25398.1128
Affected Software (CPE) (23)
- •cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
- •cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
- •cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
- •cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
- •cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
- •cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
- •cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*
- •cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*
- •cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*
- •cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
- •cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
- •cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*
- •cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*
- •cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*
- •cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
- •cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
- •cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*
- •cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:x64:*
- •cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:x64:*
- •cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
- •cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
- •cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
- •cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Sources
No sources
Priority History
No priority changes recorded