The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.

For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2022-4262

• Severity: 8.8 HIGH
• Impacted Products: Google Chrome versions prior to 108.0.5359.94
• Description: Type confusion in V8 allowed remote attackers to potentially exploit heap corruption via a crafted HTML page.
• Remediation: Apply updates per vendor instructions.
• More Info: NVD - CVE-2022-4262
• PoC: https://github.com/mistymntncop/CVE-2022-4262/blob/main/exploit.js

CVE-2024-21412

• Severity: 8.1 HIGH
• Impacted Products: Windows 10/11/Server
• Description: Internet Shortcut Files Smart Screen Bypass Vulnerability.
• Remediation: Refer to Microsoft’s guidance for mitigations or patches.
• More Info: NVD - CVE-2024-21412
• PoC: https://www.trendmicro.com/en_us/research/24/b/cve202421412-water-hydra-targets-traders-with-windows-defender-s.html

CVE-2024-21413

• Severity: 9.8 CRITICAL
• Impacted Products: Microsoft Outlook
• Description: Microsoft Outlook Remote Code Execution Vulnerability.
• Remediation: Follow Microsoft’s advisories for mitigation or patching strategies.
• More Info: NVD - CVE-2024-21413
• PoC: https://github.com/duy-31/CVE-2024-21413/tree/main

References

This list was scraped from the quite amazing and highly recommended newsletters below:

• ~this week in security~
• Unsupervised Learning
• @RISK
• Hive Five
• Vulnerable U
• tl;dr sec

Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.