CVE-2024-28099

{"id": "CVE-2024-28099", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-04-15T11:15:08.397", "references": [{"url": "https://jvn.jp/en/vu/JVNVU92825069/", "tags": ["Third Party Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://www.keyence.com/vt_vulnerability240329_en", "tags": ["Vendor Advisory"], "source": "vultures@jpcert.or.jp"}, {"url": "https://jvn.jp/en/vu/JVNVU92825069/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.keyence.com/vt_vulnerability240329_en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-427"}]}], "descriptions": [{"lang": "en", "value": "VT STUDIO Ver.8.32 and earlier contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application."}, {"lang": "es", "value": "VT STUDIO Ver.8.32 y anteriores contienen un problema con la ruta de b\u00fasqueda de DLL, lo que puede provocar que se carguen bibliotecas de v\u00ednculos din\u00e1micos de forma insegura. Como resultado, se puede ejecutar c\u00f3digo arbitrario con los privilegios de la aplicaci\u00f3n en ejecuci\u00f3n."}], "lastModified": "2025-06-30T13:50:39.527", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:keyence:vt_studio:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8E3CAC6-A174-42ED-B6BE-8E160A545480", "versionEndIncluding": "8.32"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}