Vulnerabilites related to microsoft - windbg
Vulnerability from fkie_nvd
Published
2025-03-11 17:16
Modified
2025-07-03 14:29
Severity ?
Summary
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24043 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windbg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1AE5EE-B216-4A2D-98E6-0D5F0F176BC4",
"versionEndExcluding": "1.2502.25002.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "La verificaci\u00f3n incorrecta de la firma criptogr\u00e1fica en .NET permite que un atacante autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"id": "CVE-2025-24043",
"lastModified": "2025-07-03T14:29:14.207",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2025-03-11T17:16:25.897",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24043"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "secure@microsoft.com",
"type": "Primary"
}
]
}
CVE-2025-24043 (GCVE-0-2025-24043)
Vulnerability from cvelistv5
Published
2025-03-11 16:58
Modified
2025-05-19 21:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Summary
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24043 | vendor-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T18:27:01.990757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T18:35:16.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "WinDbg",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2502.25002.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windbg:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2502.25002.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-03-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T21:37:53.377Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "WinDbg Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24043"
}
],
"title": "WinDbg Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-24043",
"datePublished": "2025-03-11T16:58:53.140Z",
"dateReserved": "2025-01-16T23:11:19.731Z",
"dateUpdated": "2025-05-19T21:37:53.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-200504-0129
Vulnerability from variot
Microsoft Visual C++, Microsoft WinDbg, and OllyDbg are very popular debuggers. An access validation vulnerability exists in the implementation of these debuggers, which allows the user of the debugger to execute arbitrary code on the host. The cause is that the affected application cannot ensure that the code being checked is running in a restricted environment. If a non-armed user attempts to debug an attacker-provided executable, the malicious code in the containing library is run in an uncontrolled manner in the debugger's environment. This vulnerability allows a remote attacker to execute arbitrary code in an environment that is affected by the debugger. Due to the security nature expected of the debugger, even very careful users can suffer. Other debuggers are also likely affected, as the underlying operating system design makes it very difficult to avoid this vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200504-0129",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "ollydbg",
"scope": "eq",
"trust": 0.3,
"vendor": "ollydbg",
"version": "1.10"
},
{
"model": "ollydbg",
"scope": "eq",
"trust": 0.3,
"vendor": "ollydbg",
"version": "1.09"
},
{
"model": "8b",
"scope": "eq",
"trust": 0.3,
"vendor": "ollydbg",
"version": "1.0"
},
{
"model": "ollydbg",
"scope": "eq",
"trust": 0.3,
"vendor": "ollydbg",
"version": "1.06"
},
{
"model": "windbg",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "visual c++",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "visual c++ sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "visual c++ sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "visual c++ sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "visual c++ sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "visual c++ sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "visual c++",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "visual c++",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
},
{
"db": "BID",
"id": "13104"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\"Brett Moore\" \u003cbrett.moore@security-assessment.com\u003e is credited with the disclosure of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "13104"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2005-0831",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2005-0831",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Visual C++, Microsoft WinDbg, and OllyDbg are very popular debuggers. An access validation vulnerability exists in the implementation of these debuggers, which allows the user of the debugger to execute arbitrary code on the host. The cause is that the affected application cannot ensure that the code being checked is running in a restricted environment. If a non-armed user attempts to debug an attacker-provided executable, the malicious code in the containing library is run in an uncontrolled manner in the debugger\u0027s environment. This vulnerability allows a remote attacker to execute arbitrary code in an environment that is affected by the debugger. Due to the security nature expected of the debugger, even very careful users can suffer. Other debuggers are also likely affected, as the underlying operating system design makes it very difficult to avoid this vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
},
{
"db": "BID",
"id": "13104"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "13104",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2005-0831",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
},
{
"db": "BID",
"id": "13104"
}
]
},
"id": "VAR-200504-0129",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
}
]
},
"last_update_date": "2022-05-17T02:09:30.767000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.3,
"url": "http://www.security-assessment.com/whitepapers/predebug.pdf"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/whdc/devtools/debugging/default.mspx"
},
{
"trust": 0.3,
"url": "http://home.t-online.de/home/ollydbg/"
},
{
"trust": 0.3,
"url": "/archive/1/395520"
}
],
"sources": [
{
"db": "BID",
"id": "13104"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
},
{
"db": "BID",
"id": "13104"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2005-0831"
},
{
"date": "2005-04-11T00:00:00",
"db": "BID",
"id": "13104"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2005-0831"
},
{
"date": "2005-04-11T00:00:00",
"db": "BID",
"id": "13104"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "13104"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Debugger Malicious Code Execution Vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "13104"
}
],
"trust": 0.3
}
}