Unmasking CVE-2024-38178: The Silent Threat of Windows Scripting Engine
Oct. 18, 2024, 9:20 a.m.
Tags
External References
Description
CVE-2024-38178 is a type confusion vulnerability in JScript9.dll, patched by Microsoft in August 2024. It allows bypassing the CVE-2022-41128 patch through incorrect JIT engine optimizations. APT37, a North Korean threat group, exploited this vulnerability in June 2024 against South Korean targets. The exploit enables remote code execution on Windows systems. Affected software includes Microsoft Edge (IE mode) and media players using legacy WebView. The vulnerability stems from improper type validation in the JIT compiler, leading to arbitrary code execution. Mitigation involves updating Windows and disabling IE mode in Edge.
Date
Published: Oct. 17, 2024, 10:39 a.m.
Created: Oct. 17, 2024, 10:39 a.m.
Modified: Oct. 18, 2024, 9:20 a.m.
Attack Patterns
ROKRAT - S0240
APT37
T1012
T1059.007
T1497
T1071.001
T1573
T1203
T1082
T1057
T1105
T1083
T1055
T1140
T1132
T1027
T1112
T1190
Additional Informations
Software