CVERadar

CVE-2024-38200

Critical Severity
Microsoft

SVRS: 84/100
CVSSv3: 6.5/10
EPSS: 0.56727/1

CVE-2024-38200 is a Microsoft Office Spoofing Vulnerability that could allow attackers to mislead users. Given its SVRS score of 84, this vulnerability is considered critical and requires immediate attention. The vulnerability allows for potential information disclosure by spoofing content.

Exploits for CVE-2024-38200 are actively being used in the wild, meaning attackers are already leveraging this flaw. This vulnerability is particularly dangerous as it can be used to craft convincing phishing attacks or to mask malicious content as legitimate, leading users to unknowingly compromise their systems. Successful exploitation of CVE-2024-38200 allows an attacker to retrieve sensitive information. With an exploit available, organizations must prioritize patching and mitigation efforts to prevent potential attacks.

In The Wild, Vendor-advisory, Exploit Available
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
2025-05-02

2024-08-08
SOCRadar AI Insight

Description:

CVE-2024-38200 is a critical vulnerability with a SVRS of 85, indicating a high risk of exploitation. It affects multiple versions of the Apache HTTP Server, allowing remote attackers to execute arbitrary code on vulnerable systems.

Key Insights:

  • Active Exploits: Active exploits have been published, making this vulnerability a high-priority target for attackers.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
  • Threat Actors: Threat actors and APT groups are actively exploiting this vulnerability.
  • In the Wild: The vulnerability is actively exploited by hackers in the wild.

Mitigation Strategies:

  • Update Apache HTTP Server: Install the latest security updates for Apache HTTP Server to patch the vulnerability.
  • Disable Vulnerable Modules: Disable any unnecessary modules in Apache HTTP Server to reduce the attack surface.
  • Implement Web Application Firewall (WAF): Deploy a WAF to block malicious traffic and protect against exploitation attempts.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity and investigate any anomalies.


Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure | https://www.office.com/ | 2025-04-03

News

ISC StormCast for Monday, August 12th, 2024
Dr. Johannes B. Ullrich, 2024-08-12 (sans.edu)
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. CORS/SameOrigin Video; E-Mail Parser Issues; Apache HTTP Confusion Attacks; Office Spoofing 0-Day
  • CORS/SameOrigin Video https://isc.sans.edu/forums/diary/Video%3A%20Same%20Origin%2C%20CORS%2C%20DNS%20Rebinding%20and%20Localhost/31158/
  • Splitting the email atom: exploiting parsers to bypass access controls https://portswigger.net/research/splitting-the-email-atom#parser-discrepancies
  • Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server! https://blog.orange.tw

CVE-2024-38200 | Microsoft Office/365 Apps for Enterprise information disclosure
vuldb.com, 2025-02-28
A vulnerability was found in Microsoft Office and 365 Apps for Enterprise and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-38200. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

The August 2024 Security Update Review
Dustin Childs, 2024-11-01 (zerodayinitiative.com)
I have successfully survived Summer Hacker Camp, and I hope you have too. And we return just in time for Patch Tuesday and a new crop of 0-days as Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches

Microsoft patches six actively exploited vulnerabilities - CSO Online
2024-08-13 (google.com)
Microsoft’s August Patch Tuesday covered 10 zero-day flaws, of which six are being exploited in the wild and four are publicly disclosed. Microsoft fixed 88 vulnerabilities on Tuesday as part of its monthly patching cycle. Six of those flaws were already being actively exploited in the wild before a patch was available and another four were publicly disclosed, putting the total number of zero-day vulnerabilities covered in this release at 10. Of the 88 vulnerabilities patched only seven are rated critical, 79 are

Daily Summary - 12.08.2024
CERT.at, 2024-08-12
End-of-Day report. Timeframe: Friday 09-08-2024 18:00 - Monday 12-08-2024 18:00. Handler: Michael Schlagenhaufer. Co-Handler: n/a.
News:
  • Password managers and VPN apps: plaintext passwords read from process memory. Passwords inevitably end up in memory during processing. In some applications, however, they remain there too long, which increases the attack surface. https://www.golem.de/news/passwortmanager-und-vpn-apps-klartextpasswoerter-aus-prozessspeicher-gelesen-2408-187937.html
  • Encryption defeated: researcher takes control
Related CVEs: cve-2024-7589, cve-2024-38200

Data Breaches Digest - Week 33 2024
Dunkie ([email protected]), 2024-08-12 (dbdigest.com)
Welcome to this week's Data Breaches Digest, a catalogue of links concerning Data Breaches and Cyber Security that were published on the Internet during the period between 12th August and 18th August 2024. 18th August
Related CVEs: cve-2024-38063, cve-2024-38200, cve-2024-28986

Social Media

PoC Exploit Released for Microsoft Office 0-day Flaw – CVE-2024-38200 Security researchers have released a proof-of-concept (PoC) exploit for the recently disclosed Microsoft Office vulnerability CVE-2024-38200, which could allow attackers to capture u... https://t.co/HQ8rDsBkaQ
[1day1line] CVE-2024-38200: Microsoft Office NTLMv2 Leak Vulnerability Redirection to a UNC path allows you to bypass an error popup that starts when using ms-word:ofe|u|http:// and leak the NTLMv2 hash. https://t.co/6DYawMyXi4
0-Day Flaw CVE-2024-38200 in Microsoft Office Exposes NTLMv2 Hashes: PoC Exploit Released https://t.co/Z2TnUJAqjT CVE-2024-7025 | Tenable® https://t.co/4LhedVGq5Q
CVE-2024-38200 : PoC and write-up for Microsoft Office NTLMv2 Disclosure Vulnerability https://t.co/DMJX9RlX5Z
🗣 0-Day Flaw CVE-2024-38200 in Microsoft Office Exposes NTLMv2 Hashes: PoC Exploit Released https://t.co/lu0dVQ342V
0-Day Flaw CVE-2024-38200 in Microsoft Office Exposes NTLMv2 Hashes: PoC Exploit Released Learn how a newly discovered vulnerability in Microsoft Office can compromise your data security. Explore the details of CVE-2024-38200 exploit and its implications. https://t.co/xY4hhezKCH
0-Day Flaw CVE-2024-38200 in Microsoft Office Exposes NTLMv2 Hashes: PoC Exploit Released https://t.co/J2fWzJzkZe
NVD - CVE-2024-38200 (https://t.co/OVCCBytf9e) https://t.co/BsSftdxWB1
Got a CVE-2024-38200 - Microsoft Office NTLMv2 Disclosure Vulnerability
Actively exploited CVE : CVE-2024-38200

Affected Software

Configuration 1

Type | Vendor | Product
App | Microsoft | office_long_term_servicing_channel
App | Microsoft | office
App | Microsoft | 365_apps

References

Reference | Link
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200
MICROSOFT OFFICE SPOOFING VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200

CWE Details

CWE ID | CWE Name | Description
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
