A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions.
Metrics
Affected Vendors & Products
References
History
Fri, 20 Dec 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 18 Dec 2024 23:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 18 Dec 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | |
Weaknesses | CWE-347 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: talos
Published: 2024-12-18T22:38:04.909Z
Updated: 2024-12-20T17:24:19.729Z
Reserved: 2024-08-05T20:37:09.892Z
Link: CVE-2024-41138
Vulnrichment
Updated: 2024-12-18T23:02:55.940Z
NVD
Status : Received
Published: 2024-12-18T23:15:07.813
Modified: 2024-12-18T23:15:07.813
Link: CVE-2024-41138
Redhat
No data.