Unmasking CVE-2024-38178: The Silent Threat of Windows Scripting Engine
Essential information
- Published
- 17/10/2024 10:39
- Modified
- 18/10/2024 09:20
- Tags
- 2024-10-17 CVE-2022-41128 CVE-2024-38178 apt37 jscript9.dll remote code execution rokrat type confusion vulnerability windows zero-day
- Related entities
- 1 intrusion sets (apt), 16 techniques (mitre), 1 malware, 1 others
Description
CVE-2024-38178 is a type confusion vulnerability in JScript9.dll, patched by Microsoft in August 2024. It allows bypassing the CVE-2022-41128 patch through incorrect JIT engine optimizations. APT37, a North Korean threat group, exploited this vulnerability in June 2024 against South Korean targets. The exploit enables remote code execution on Windows systems. Affected software includes Microsoft Edge (IE mode) and media players using legacy WebView. The vulnerability stems from improper type validation in the JIT compiler, leading to arbitrary code execution. Mitigation involves updating Windows and disabling IE mode in Edge.