CVERadar

CVE-2024-38178

Medium Severity
Microsoft
SVRS: 36/100
CVSSv3: 7.5/10
EPSS: 0.15451/1

CVE-2024-38178 is a Scripting Engine Memory Corruption vulnerability. This flaw allows attackers to potentially execute arbitrary code on a vulnerable system.

The vulnerability, categorized as CWE-843, involves memory corruption within the scripting engine. Despite a CVSS score of 7.5, the SOCRadar Vulnerability Risk Score (SVRS) is 36, indicating a moderate risk level, though this could change quickly due to the active exploits. The presence of the "In The Wild," "Exploit Available," and "CISA KEV" tags means this is an actively exploited vulnerability. Immediate patching is critical if the SVRS increases, as attackers are actively leveraging this vulnerability. This vulnerability represents a significant risk, as successful exploitation could lead to complete system compromise.

Tags: In The Wild, Exploit Available, CISA KEV, Vendor-advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
2025-04-15

2024-08-13
SOCRadar AI Insight

Description:

CVE-2024-38178 is a scripting engine memory corruption vulnerability that could allow an attacker to execute arbitrary code on a vulnerable system. The vulnerability has a CVSS score of 7.5, indicating a high severity level. However, SOCRadar's unique 'SOCRadar Vulnerability Risk Score' (SVRS) assigns a score of 0, indicating that the vulnerability is not currently considered a critical threat.

Key Insights:

  • Active Exploits: Active exploits have been published to exploit the vulnerability, making it a high-priority target for attackers.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the vulnerability, calling for immediate and necessary measures to mitigate the risk.
  • In the Wild: The vulnerability is actively exploited by hackers, making it a significant threat to organizations.
  • Threat Actors: Specific threat actors or APT groups actively exploiting the vulnerability have not been identified at this time.

Mitigation Strategies:

  • Apply Software Updates: Install the latest software updates from the vendor to patch the vulnerability.
  • Disable Scripting Engine: If possible, disable the scripting engine in the affected application to prevent exploitation.
  • Use a Web Application Firewall (WAF): Implement a WAF to block malicious requests that attempt to exploit the vulnerability.
  • Monitor Network Traffic: Monitor network traffic for suspicious activity that may indicate an exploitation attempt.

Additional Information:

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise


Exploits

Title | Software Link | Date
uixss/PoC-CVE-2024-38178 | https://github.com/uixss/PoC-CVE-2024-38178 | 2024-10-24
Microsoft Windows Scripting Engine Memory Corruption Vulnerability | https://www.cisa.gov/search?g=CVE-2024-38178 | 2024-08-13

News

Fixing a Bunch of Scripting Engine Vulnerabilities by Disabling Just-In-Time Compiler (CVE-2024-38178)
Mitja Kolsek ([email protected]), 2025-04-01
August 2024 Windows Updates brought a patch for CVE-2024-38178, a remotely exploitable memory corruption issue
Source: blogspot.com

Microsoft Patch Day August 2024 - several actively exploited vulnerabilities
CERT.at, 2025-04-01
With the updates delivered as part of the monthly Patch Day, Microsoft fixes a total of 92 vulnerabilities in August. What is unusual this month is the number of security flaws that are already being actively exploited by threat actors. The exploited flaws are CVE-2024-38189, CVE-2024-38178,
Source: cert.at

CVE-2024-38178 | Microsoft Windows up to Server 2022 23H2 Scripting Engine type confusion
vuldb.com, 2025-03-15
A vulnerability classified as critical has been found in Microsoft Windows. Affected is an unknown function of the component Scripting Engine. The manipulation leads to type confusion. This vulnerability is traded as CVE-2024-38178. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It
Source: vuldb.com

Cyber Threat Alert for South Korea from North Korean Hackers
Trapti Rajput ([email protected]), 2024-12-13
In a recent cyber-espionage campaign targeted at the United States, North Korean state-linked hacker ScarCruft recently exploited
Source: blogger.com

Microsoft Patch Tuesday 2024 Year in Review
Scott Caveza, Satnam Narang, 2024-12-11
Microsoft addressed over 1000 CVEs as part of Patch Tuesday releases in 2024, including 22 zero-day vulnerabilities. Background Microsoft’s Patch Tuesday, a monthly release of software patches for Microsoft products, has just celebrated its 21st anniversary. After a wrap-up covering the 20th anniversary in 2023, the Tenable Security Response Team (SRT) chose to
Source: securityboulevard.com

Daily Summary - 16.10.2024
CERT.at, 2024-12-02
End-of-Day report Timeframe: Tuesday 15-10-2024 18:00 - Wednesday 16-10-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: n/a News ASEC and NCSC Release Joint Report on Microsoft Zero-Day Browser Vulnerability (CVE-2024-38178) AhnLab SEcurity intelligence Center (ASEC) and the National Cyber Security Center (NCSC) have discovered a new zero-day vulnerability in the Microsoft Internet Explorer (IE) browser and have conducted a detailed analysis on attacks that exploit this vulnerability. This post shares
Source: cert.at

Threat Actor Profile: TA-RedAnt
Krypt3ia, 2024-12-02
Overview: Associated Sectors Targeted: Operations: Attribution: Indicators of Compromise (IOCs): File Hashes (MD5 / SHA-256): Domains & URLs: Command-and-Control (C2) IP Addresses: Malicious Filenames: Known Malware Artifacts: These IOCs represent common markers of RokRAT infections and should be added to security detection tools (SIEM, EDR, etc.) to monitor for possible compromises. For continuous monitoring, ensure […] Overview: Aliases: No known aliases
Source: wordpress.com

Social Media

🔥 North Korean APT group ScarCruft has been linked to the exploitation of a zero-day #Microsoft Windows flaw (CVE-2024-38178), targeting unpatched Internet Explorer Mode in Edge, infecting devices with RokRAT malware. But it all starts with users clicking https://t.co/m1jIYBCLhQ
Operation “Code on Toast”: A Deep Dive into TA-RedAnt’s Exploitation of Zero-Day Flaw (CVE-2024-38178) #cyber #CyberSecurity #cybercrime #CyberAttack #cyberdefense https://t.co/7X9hJyK5B3 via @the_yellow_fall
Operation “Code on Toast”: A Deep Dive into TA-RedAnt’s Exploitation of Zero-Day Flaw (CVE-2024-38178) https://t.co/uIXblKVSz6
🔥 North Korean APT group ScarCruft has been linked to the exploitation of a zero-day #Microsoft Windows flaw (CVE-2024-38178), targeting unpatched Internet Explorer Mode in Edge, infecting devices with RokRAT malware. But it all starts with users clicking https://t.co/7ti926bV6i
Exploiting the Internet Explorer (IE) vulnerability CVE-2024-38178: who is North Korea's TA-RedAnt? https://t.co/ivNd6risIO #APT #APT37 #ASEC #Exploit #IE #InternetExplorer #JavaScript #Malware #Microsoft #NorthKorea #RAT #RedEyes #Scarcruft #TARedAnt #ToastAds #TTP
North Korea-linked APT37 exploited an Internet Explorer zero-day (CVE-2024-38178) in a supply chain attack via a compromised ad agency. Despite IE's end of support, vulnerabilities persist in some Windows apps, prompting urgent security updates. #CyberSe… https://t.co/0WTVbhsSyG
🚨 UPDATE: #ScarCruft exploits CVE-2024-38178 to deploy RokRAT malware! This #NorthKorean APT group used a patched Windows vulnerability to install RokRAT, leveraging cloud services like Dropbox for C2. Targeting South Korea & beyond, their campaign is named Operation Code on https://t.co/aZgsrL0fDi
Malicious toast pop-up ads exploited Internet Explorer zero day to drop malware. The flaw used in zero-day attacks is tracked as CVE-2024-38178 and is a high-severity type confusion flaw in Internet Explorer. https://t.co/jYm4hTlQEf https://t.co/rnWrVOORfv
Internet Explorer keeps getting pwned ‼️CVE-2024-38178 - APT37 exploited the toast ad program that was using the vulnerable IE browser engine (jscript9.dll) https://t.co/grSa3bAViw
🔥 One click, and chaos begins! North Korean APT group ScarCruft has been linked to the exploitation of a zero-day Windows flaw (CVE-2024-38178), targeting unpatched Internet Explorer Mode in Edge, infecting devices with RokRAT malware. Read: https://t.co/7473o7Gf9r #infosec

Affected Software

Configuration 1
Type | Vendor | Product
OS | Microsoft | windows_10_1507
OS | Microsoft | windows_10_1809
OS | Microsoft | windows_10_21h2
OS | Microsoft | windows_10_1607
OS | Microsoft | windows_11_21h2
OS | Microsoft | windows_server_2022
OS | Microsoft | windows_10_22h2
OS | Microsoft | windows_server_2016
OS | Microsoft | windows_11_22h2
OS | Microsoft | windows_11_23h2
OS | Microsoft | windows_server_2019
OS | Microsoft | windows_server_2022_23h2
OS | Microsoft | windows_server_2012

References

Reference | Link
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178
SCRIPTING ENGINE MEMORY CORRUPTION VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178

CWE Details

CWE ID | CWE Name | Description
CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
