Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2024-38112 | Microsoft Windows MSHTML Platform Spoofing Vulnerability | exploitation_technique | T1189 | Drive-by Compromise | This vulnerability is exploited through a victim visiting a malicious Web page or clicking on an unsafe link. After the victim visits the website or clicks on the link, an adversary would gain the ability to execute arbitrary code on the victim system. |
CVE-2024-38112 | Microsoft Windows MSHTML Platform Spoofing Vulnerability | exploitation_technique | T1204.001 | Malicious Link | This vulnerability is exploited through a victim visiting a malicious Web page or clicking on an unsafe link. After the victim visits the website or clicks on the link, an adversary would gain the ability to execute arbitrary code on the victim system. |
CVE-2025-24054 | Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability | exploitation_technique | T1566 | Phishing | Using a crafted .library-ms file, attackers can exploit this spoofing vulnerability to gain access to NTLM hashes on the system. This was officially patched by Microsoft on March 11, 2025, but has been exploited in the wild as of March 19, 2025. |
CVE-2025-24054 | Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability | primary_impact | T1555 | Credentials from Password Stores | Using a crafted .library-ms file, attackers can exploit this spoofing vulnerability to gain access to NTLM hashes on the system. This was officially patched by Microsoft on March 11, 2025, but has been exploited in the wild as of March 19, 2025. |

Capability ID | Capability Name | Number of Mappings |
---|---|---|
CVE-2024-38112 | Microsoft Windows MSHTML Platform Spoofing Vulnerability | 2 |
CVE-2025-24054 | Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability | 2 |