{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T05:20:13.883","vulnerabilities":[{"cve":{"id":"CVE-2024-12668","sourceIdentifier":"cve@rapid7.com","published":"2024-12-16T15:15:06.807","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the location in memory for the  g_CiOptions global symbol. This can be leveraged to disable signed driver enforcement on the target system - allowing attackers to load unsigned drivers."},{"lang":"es","value":"Las versiones de Velocidex WinPmem anteriores a la 4.1 sufren una vulnerabilidad de escritura fuera de los límites. Al usar un control de E/S, un programa de espacio de usuario puede engañar al controlador para que escriba un 0 en cualquier ubicación de memoria elegida. Junto con la fuga de información del controlador WinPmem, los atacantes pueden descubrir la ubicación en la memoria del símbolo global g_CiOptions. Esto se puede aprovechar para desactivar la aplicación de controladores firmados en el sistema de destino, lo que permite a los atacantes cargar controladores no firmados."}],"metrics":{"cvssMetricV31":[{"source":"cve@rapid7.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":6.0}]},"weaknesses":[{"source":"cve@rapid7.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"references":[{"url":"https://github.com/Velocidex/WinPmem/releases/tag/v4.1.dev1","source":"cve@rapid7.com"}]}}]}