CVE-2024-23440 HIGH

CVE-2024-23440: Vba32 Antivirus v3.36.0 - Arbitrary Memory Read

Vendor Virusblokada
Product Vba32 Antivirus
Weakness CWE-125
Published February 13, 2024
Last update May 19, 2025

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

What the vulnerability does

01Description

Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer.

Key dates

02Disclosure timeline

February 13, 2024 CVE published
May 19, 2025 Record updated