Windows Network Address Translation (NAT) Remote Code Execution Vulnerability CVE-2024-38119 Security Vulnerability Released: Sep 10, 2024 Assigning CNA: Microsoft Impact: Remote Code Execution Max Severity: Critical Weakness: CWE-416: Use After Free CVSS Source: Microsoft CVSS:3.1 7.5 / 6.5 Temporal score metrics (3): Exploit Code Example: Detailed Description: The vulnerability allows an attacker to execute arbitrary code on the system by exploiting a buffer overflow in the Network Address Translation (NAT) component of the Windows operating system. The attacker can exploit this vulnerability by sending a specially crafted packet to the system, which can cause the NAT component to overflow and execute arbitrary code. Solution: Microsoft has released a security update to address this vulnerability. Users are advised to apply the update as soon as possible to mitigate the risk of exploitation. Acknowledgements: The vulnerability was reported by Microsoft and has been assigned the CVE identifier CVE-2024-38119.