CVE-2023-24884
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
In short
A flaw in Microsoft's printer drivers allows an attacker to execute malicious code on a computer by sending specially crafted print jobs. This affects PostScript and PCL6 printers and can compromise system security.
Technical detail
The vulnerability exists in the PostScript and PCL6 class printer drivers due to improper validation of print job data (CWE-681: Integer Overflow or Wraparound). An attacker can send a malicious print job through the network or local print queue to trigger memory corruption, leading to remote code execution with system privileges.
Summary generated and translated by AI from the official description.
Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Windows 10 Version 1507Microsoft · Windows 10 Version 1607Microsoft · Windows 10 Version 1809Microsoft · Windows 10 Version 20H2Microsoft · Windows 10 Version 21H2Microsoft · Windows 10 Version 22H2Microsoft · Windows 11 version 21H2Microsoft · Windows 11 version 22H2Microsoft · Windows Server 2012Microsoft · Windows Server 2012 R2Microsoft · Windows Server 2012 R2 (Server Core installation)Microsoft · Windows Server 2012 (Server Core installation)Microsoft · Windows Server 2016Microsoft · Windows Server 2016 (Server Core installation)Microsoft · Windows Server 2019Microsoft · Windows Server 2019 (Server Core installation)Microsoft · Windows Server 2022Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →