CVE-2021-28468: Microsoft Windows Raw Image Extension CR3 File Parsing Type Confusion Remote Code Execution Vulnerability
First published: Tue Apr 13 2021(Updated: )
Raw Image Extension Remote Code Execution Vulnerability
Credit: secure@microsoft.com secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Raw Image Extension |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-28468?
CVE-2021-28468 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Microsoft Raw Image Extension.
How can this vulnerability be exploited?
This vulnerability can be exploited by remote attackers if the target visits a malicious page or opens a malicious file.
What is the severity of CVE-2021-28468?
The severity of CVE-2021-28468 is high with a CVSS score of 7.8.
What software is affected by this vulnerability?
The Microsoft Raw Image Extension is affected by this vulnerability.
Is user interaction required to exploit this vulnerability?
Yes, user interaction is required to exploit this vulnerability.
- collector/nvd-index
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/msrc-cve
- source/Microsoft
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-421
- alias/ZDI-CAN-12472
- alias/CVE-2021-28468
- agent/weakness
- agent/references
- agent/title
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft raw image extension