Name
CVE-2024-3566
Description
A command injection vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when specific conditions are satisfied.
CWEs
Published Date
Updated Date
Workaround
-
Advisories
https://kb.cert.org/vuls/id/123335 (Third Party Advisory)
https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way (Technical Description)
https://www.cve.org/CVERecord?id=CVE-2024-1874 (Not Applicable)
https://www.cve.org/CVERecord?id=CVE-2024-22423 (Not Applicable)
https://www.cve.org/CVERecord?id=CVE-2024-24576 (Not Applicable)
https://www.kb.cert.org/vuls/id/123335 (Not Applicable)
https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2024/CVE-2024-3566 (Third Party Advisory)
Analysis
Vulnerability Ratings
9.8 (CVSSv31)
9.8 (CVSSv31)
NaN (other)
Other affected components
| Name | Project | Project Version | Version | Status |
|------|---------|-----------------|---------|--------|
| | buildroot | 2025.02.x | 8.3.31 | Not Affected |
| | buildroot | master | 8.5.7 | Not Affected |
| | openwrt | master | 1.24.13-r1 | Not Affected |
| | openwrt | master | 1.26.4-r1 | Not Affected |
| | openwrt | master | 8.4.16-r4 | Not Affected |
| | openwrt | openwrt-25.12 | 1.24.13-r1 | Not Affected |
| | openwrt | openwrt-25.12 | 1.26.4-r1 | Not Affected |
| | openwrt | openwrt-25.12 | 8.4.21-r1 | Not Affected |
| | yocto | kirkstone | 1.17.13 | Not Affected |
| | yocto | kirkstone | 1.17.13 | Not Affected |
| | yocto | kirkstone | 8.1.34 | Not Affected |
| | yocto | scarthgap | 1.22.12 | False Positive |
| | yocto | scarthgap | 1.22.12 | False Positive |
| | yocto | scarthgap | 8.2.31 | False Positive |