CVE-2024-38178 is a type confusion vulnerability in JScript9.dll, patched by Microsoft in August 2024. It allows bypassing the CVE-2022-41128 patch through incorrect JIT engine optimizations. APT37, a North Korean threat group, exploited this vulnerability in June 2024 against South Korean targets. The exploit enables remote code execution on Windows systems. Affected software includes Microsoft Edge (IE mode) and media players using legacy WebView. The vulnerability stems from improper type validation in the JIT compiler, leading to arbitrary code execution. Mitigation involves updating Windows and disabling IE mode in Edge.

Author: AlienVault
Related Tags:
apt37
jscript9.dll
type confusion
cve-2022-41128
ROKRAT – S0240
Software
T1059.007
remote code execution
RokRAT