Critical severity9.8NVD Advisory· Published Apr 10, 2024· Updated May 15, 2026
CVE-2024-3566
CVE-2024-3566
Description
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- osv-coords3 versions
>= 1.77.2, < 18.19.0+ 2 more
- (no CPE)range: >= 1.77.2, < 18.19.0
- (no CPE)range: >= 1.77.2, < 18.20.5
- (no CPE)range: >= 1.0.0.0, < 1.6.23.0
- Range: *
Patches
Vulnerability mechanics
References
8- flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/nvdExploitThird Party Advisory
- github.com/nu11secur1ty/Windows11Exploits/tree/main/2024/CVE-2024-3566nvdThird Party Advisory
- kb.cert.org/vuls/id/123335nvdThird Party Advisory
- learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-waynvdTechnical Description
- www.cve.org/CVERecordnvdNot Applicable
- www.cve.org/CVERecordnvdNot Applicable
- www.cve.org/CVERecordnvdNot Applicable
- www.kb.cert.org/vuls/id/123335nvdNot Applicable
News mentions
0No linked articles in our index yet.