Justice AV Viewer Setup 8.3.7.250-1 Authenticode Bypass
CVE-2024-4978 Published on May 23, 2024
Malicious Code in Justice AV Solutions (JAVS) Viewer
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.
Known Exploited Vulnerability
This Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4). When run, this creates a backdoor connection to a malicious C2 server.
The following remediation steps are recommended / required by June 19, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2024-4978 is exploitable with network access, requires user interaction and user privileges. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Embedded Malicious Code
The application contains code that appears to be malicious in nature. Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, timebomb, and logic-bomb. A developer might insert malicious code with the intent to subvert the security of an application or its host system at some time in the future. It generally refers to a program that performs a useful service but exploits rights of the program's user in a way the user does not intend.
Products Associated with CVE-2024-4978
stack.watch emails you whenever new vulnerabilities are published in Javs Viewer or Javs Viewer. Just hit a watch button to start following.
Affected Versions
Justice AV Solutions Viewer:- Version 8.3.7.250 is affected.
- Version 8.3.7.250 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.