CVE-2024-49138
CISA KEV: Actively Exploited

Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

Published Dec 10, 2024 · Updated Dec 10, 2024

Description

The Microsoft Windows Common Log File System (CLFS) driver (clfs.sys) contains a heap-based buffer overflow. A local attacker who already has code execution on the host can trigger it to escalate privileges to SYSTEM; no user interaction is needed beyond running the exploit. The CVE is listed in CISA's Known Exploited Vulnerabilities catalog as actively exploited, and Microsoft shipped the fix in its December 10, 2024 security updates, so the practical check is whether that update is installed and whether anything on the host has been creating CLFS log files it should not.
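The triage a practitioner wants for a listing like this is a quick local check rather than an exploit. The script below is an added example, not code from this CVE page or from any of the PoC repositories it lists. It records the installed clfs.sys version, checks for the fixing update if the operator supplies its KB number (the number is intentionally left blank here and must be taken from Microsoft's advisory for the host's build), and hunts for recently created CLFS base log files (.blf) in user-writable locations, since known CLFS privilege-escalation exploits work by handing the driver a crafted base log file. The 7-day window, the search roots, and the exclusion of registry transaction logs (NTUSER.DAT{...}.TM.blf and UsrClass.dat{...}.TM.blf, which legitimately live in every profile) are assumptions of this example. Run it from an elevated prompt.

```powershell
# Added triage script for CVE-2024-49138; not taken from the CVE page or from any of the
# PoC repositories it lists. Run from an elevated PowerShell prompt.
param(
    # ASSUMPTION: the operator supplies the KB number of the December 10, 2024 cumulative
    # update for this Windows build (taken from Microsoft's advisory); left empty on purpose.
    [string]$FixingKB = '',
    # ASSUMPTION: 7 days is an arbitrary hunting window.
    [int]$LookbackDays = 7
)

# 1. Record the installed CLFS driver so its version can be compared with the fixed build.
$driverPath = Join-Path $env:SystemRoot 'System32\drivers\clfs.sys'
$driver     = Get-Item -Path $driverPath
[pscustomobject]@{
    Driver       = $driverPath
    FileVersion  = $driver.VersionInfo.FileVersion
    LastWriteUtc = $driver.LastWriteTimeUtc
}

# 2. Check whether the fixing update is present (only when a KB number was supplied).
if ($FixingKB) {
    $hotfix = Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $_.HotFixID -eq $FixingKB }
    if ($hotfix) {
        "Update $FixingKB is installed (InstalledOn: $($hotfix.InstalledOn))."
    } else {
        "Update $FixingKB is NOT installed; treat this host as exposed to CVE-2024-49138."
    }
}

# 3. Hunt for recently created CLFS base log files (.blf) in user-writable locations.
#    Known CLFS privilege-escalation exploits feed the driver a crafted base log file, so a
#    fresh .blf in a temp directory or profile root deserves a second look. Registry
#    transaction logs (NTUSER.DAT{...}.TM.blf, UsrClass.dat{...}.TM.blf) are legitimate
#    .blf files present in every profile and are excluded by name (ASSUMPTION: exclusion
#    list and search roots are this example's choice).
$cutoff = (Get-Date).AddDays(-$LookbackDays)
$roots  = @("$env:SystemDrive\Users", "$env:SystemDrive\ProgramData", "$env:SystemRoot\Temp")
Get-ChildItem -Path $roots -Recurse -Force -File -Filter '*.blf' -ErrorAction SilentlyContinue |
    Where-Object {
        $_.CreationTimeUtc -ge $cutoff -and
        $_.Name -notmatch '^(NTUSER\.DAT|UsrClass\.dat)'
    } |
    Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc,
        @{ Name = 'Owner'; Expression = { (Get-Acl -Path $_.FullName).Owner } } |
    Sort-Object CreationTimeUtc -Descending |
    Format-Table -AutoSize
```

A hit in the third step is a lead, not a verdict: confirm by checking which process created the file (Sysmon Event ID 11 or EDR file telemetry) and whether that process later spawned a child running as SYSTEM. The hotfix check is the authoritative exposure test; the .blf hunt is there to catch exploitation that happened before the update landed.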

Public Exploits & PoCs (6 found)

PoC: CVE-2024-49138-POC

POC exploit for CVE-2024-49138

9

PoC: soc-investigation-powershell-edrfreeze

SOC investigation of CVE-2024-49138 exploitation alert involving PowerShell, EDRFreeze execution, and defense evasion behavior in a simulated environment.

1

PoC: SOC335-Event-ID-313-CVE-2024-49138-Exploitation-Detected--Lest-Defend-Writeup

In this lab I walked through an end-to-end intrusion that began with an external RDP break-in, used a brand-new CLFS privilege-escalation exploit (CVE-2024-49138), and ended with SYSTEM-level cloud credential harvesting. Below is the story, the evidence, and the lessons I drew from it.

PoC: DLang-file-encryptor

This is my biggest project yet: a DLang file encryptor that escalates privileges using CVE-2024-49138 and disables Windows Defender.

PoC: letsdefend-cve-2024-49138-investigation

Hands-on SOC investigation of CVE-2024-49138 using LetsDefend, VirusTotal, Hybrid Analysis, TrueFort, and ChatGPT.

PoC: CVE-2024-49138-POC

POC exploit for CVE-2024-49138

