CVE-2024-38112

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 11 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

92.96%

probability

This CVE has a 92.96% probability of being exploited in the next 30 days.

0% Top 99.8th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-221 CWE-451 · User Interface (UI) Misrepresentation of Critical Information CWE-664 · Improper Control of a Resource Through its Lifetime CWE-684 CWE-710

Cybersecurity Threat Landscape 2024 Midyear Review

Qualys Aug 06, 2024

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

TheHackerNews

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

TheHackerNews

Microsoft and Adobe Patch Tuesday, July 2024 Security Update Review

Qualys Jul 09, 2024

Microsoft's July Update Patches 143 Flaws, Including Two Actively Exploited

TheHackerNews

Windows vulnerability abused braille “spaces” in zero-day attacks

BleepingComputer Sep 15, 2024

Windows MSHTML zero-day used in malware attacks for over a year

BleepingComputer Jul 10, 2024

CISA warns of Windows flaw used in infostealer malware attacks

BleepingComputer Sep 16, 2024

Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days

BleepingComputer Jul 09, 2024

Security Advisory 2024-067

CERT-EU Jul 12, 2024

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer

TheHackerNews

Signal Intelligence

Confidenceⓘ

92%

EPSS 92.96%

Mentions 11

Last Seen Sep 16, 2024

CNA Information

Analyst Note

CVE-2024-38112 explicitly identified as a zero-day in multiple authoritative sources (BleepingComputer articles explicitly state 'zero-day attacks' and 'MSHTML zero-day'). Exploitation documented in the wild over an extended period before the July 2024 patch, meeting the core zero-day criteria of in-the-wild exploitation preceding patch availability.