Search criteria
4 vulnerabilities found for windbg by microsoft
FKIE_CVE-2025-24043
Vulnerability from fkie_nvd - Published: 2025-03-11 17:16 - Updated: 2025-07-03 14:29
Severity ?
Summary
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24043 | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windbg:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FC1AE5EE-B216-4A2D-98E6-0D5F0F176BC4",
"versionEndExcluding": "1.2502.25002.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network."
},
{
"lang": "es",
"value": "La verificaci\u00f3n incorrecta de la firma criptogr\u00e1fica en .NET permite que un atacante autorizado ejecute c\u00f3digo a trav\u00e9s de una red."
}
],
"id": "CVE-2025-24043",
"lastModified": "2025-07-03T14:29:14.207",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
},
"published": "2025-03-11T17:16:25.897",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24043"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "secure@microsoft.com",
"type": "Secondary"
}
]
}
CVE-2025-24043 (GCVE-0-2025-24043)
Vulnerability from cvelistv5 – Published: 2025-03-11 16:58 – Updated: 2025-12-17 22:11
VLAI?
Title
WinDbg Remote Code Execution Vulnerability
Summary
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.
Severity ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T18:27:01.990757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T18:35:16.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "WinDbg",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2502.25002.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windbg:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2502.25002.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-03-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T22:11:49.753Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "WinDbg Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24043"
}
],
"title": "WinDbg Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-24043",
"datePublished": "2025-03-11T16:58:53.140Z",
"dateReserved": "2025-01-16T23:11:19.731Z",
"dateUpdated": "2025-12-17T22:11:49.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24043 (GCVE-0-2025-24043)
Vulnerability from nvd – Published: 2025-03-11 16:58 – Updated: 2025-12-17 22:11
VLAI?
Title
WinDbg Remote Code Execution Vulnerability
Summary
Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network.
Severity ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-24043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T18:27:01.990757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T18:35:16.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "WinDbg",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "1.2502.25002.0",
"status": "affected",
"version": "1.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:windbg:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.2502.25002.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2025-03-11T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Improper verification of cryptographic signature in .NET allows an authorized attacker to execute code over a network."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T22:11:49.753Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "WinDbg Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24043"
}
],
"title": "WinDbg Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2025-24043",
"datePublished": "2025-03-11T16:58:53.140Z",
"dateReserved": "2025-01-16T23:11:19.731Z",
"dateUpdated": "2025-12-17T22:11:49.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
VAR-200504-0129
Vulnerability from variot - Updated: 2022-05-17 02:09Microsoft Visual C++, Microsoft WinDbg, and OllyDbg are very popular debuggers. An access validation vulnerability exists in the implementation of these debuggers, which allows the user of the debugger to execute arbitrary code on the host. The cause is that the affected application cannot ensure that the code being checked is running in a restricted environment. If a non-armed user attempts to debug an attacker-provided executable, the malicious code in the containing library is run in an uncontrolled manner in the debugger's environment. This vulnerability allows a remote attacker to execute arbitrary code in an environment that is affected by the debugger. Due to the security nature expected of the debugger, even very careful users can suffer. Other debuggers are also likely affected, as the underlying operating system design makes it very difficult to avoid this vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200504-0129",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "ollydbg",
"scope": "eq",
"trust": 0.3,
"vendor": "ollydbg",
"version": "1.10"
},
{
"model": "ollydbg",
"scope": "eq",
"trust": 0.3,
"vendor": "ollydbg",
"version": "1.09"
},
{
"model": "8b",
"scope": "eq",
"trust": 0.3,
"vendor": "ollydbg",
"version": "1.0"
},
{
"model": "ollydbg",
"scope": "eq",
"trust": 0.3,
"vendor": "ollydbg",
"version": "1.06"
},
{
"model": "windbg",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "visual c++",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "7.0"
},
{
"model": "visual c++ sp5",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "visual c++ sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "visual c++ sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "visual c++ sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "visual c++ sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "visual c++",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "visual c++",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "4.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
},
{
"db": "BID",
"id": "13104"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "\"Brett Moore\" \u003cbrett.moore@security-assessment.com\u003e is credited with the disclosure of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "13104"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2005-0831",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2005-0831",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft Visual C++, Microsoft WinDbg, and OllyDbg are very popular debuggers. An access validation vulnerability exists in the implementation of these debuggers, which allows the user of the debugger to execute arbitrary code on the host. The cause is that the affected application cannot ensure that the code being checked is running in a restricted environment. If a non-armed user attempts to debug an attacker-provided executable, the malicious code in the containing library is run in an uncontrolled manner in the debugger\u0027s environment. This vulnerability allows a remote attacker to execute arbitrary code in an environment that is affected by the debugger. Due to the security nature expected of the debugger, even very careful users can suffer. Other debuggers are also likely affected, as the underlying operating system design makes it very difficult to avoid this vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
},
{
"db": "BID",
"id": "13104"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "13104",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2005-0831",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
},
{
"db": "BID",
"id": "13104"
}
]
},
"id": "VAR-200504-0129",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
}
]
},
"last_update_date": "2022-05-17T02:09:30.767000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.3,
"url": "http://www.security-assessment.com/whitepapers/predebug.pdf"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/whdc/devtools/debugging/default.mspx"
},
{
"trust": 0.3,
"url": "http://home.t-online.de/home/ollydbg/"
},
{
"trust": 0.3,
"url": "/archive/1/395520"
}
],
"sources": [
{
"db": "BID",
"id": "13104"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
},
{
"db": "BID",
"id": "13104"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2005-0831"
},
{
"date": "2005-04-11T00:00:00",
"db": "BID",
"id": "13104"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2005-0831"
},
{
"date": "2005-04-11T00:00:00",
"db": "BID",
"id": "13104"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "13104"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Debugger Malicious Code Execution Vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2005-0831"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "13104"
}
],
"trust": 0.3
}
}