Vulnerability Details : CVE-2024-30085

Public exploit exists!
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Published 2024-06-11 17:15:56
Updated 2024-06-21 19:04:40
Source Microsoft Corporation
View at NVD,   CVE.org
Vulnerability category: Gain privilege

Products affected by CVE-2024-30085

Exploit prediction scoring system (EPSS) score for CVE-2024-30085

EPSS FAQ
56.20%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2024-30085

  • Windows Cloud File Mini Filer Driver Heap Overflow
    Disclosure Date: 2024-12-19
    First seen: 2025-03-26
    exploit/windows/local/cve_2024_30085_cloud_files
    This module exploits the Windows Cloud Files Mini FIlter Driver cldflt.sys on Windows workstation versions 10_1809 through 11_23H2 and Windows server versions 2022 to 22_23H2. Authors: - Alex Birnberg - ssd-disclosure - bwatters-r7

CVSS scores for CVE-2024-30085

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.8
 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.8
5.9
 Microsoft Corporation 2024-06-11
7.8
 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/...
N/A
N/A
 MS-CVE-2024-30085 2024-06-11

CWE ids for CVE-2024-30085

  • A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
    Assigned by: secure@microsoft.com (Secondary)

References for CVE-2024-30085

Jump to
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close