- Description
- Scripting Engine Memory Corruption Vulnerability
- Source
- secure@microsoft.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 5.9
- Exploitability score
- 1.6
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Microsoft Windows Scripting Engine Memory Corruption Vulnerability
- Exploit added on
- Aug 13, 2024
- Exploit action due
- Sep 3, 2024
- Required action
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- nvd@nist.gov
- NVD-CWE-noinfo
- secure@microsoft.com
- CWE-843
- Hype score
- Not currently trending
🔥 North Korean APT group ScarCruft has been linked to the exploitation of a zero-day #Microsoft Windows flaw (CVE-2024-38178), targeting unpatched Internet Explorer Mode in Edge, infecting devices with RokRAT malware. But it all starts with users clicking… https://t.co/qep544H9
@johnwalshiii
19 Feb 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 North Korean APT group ScarCruft has been linked to the exploitation of a zero-day #Microsoft Windows flaw (CVE-2024-38178), targeting unpatched Internet Explorer Mode in Edge, infecting devices with RokRAT malware. But it all starts with users clicking… https://t.co/HZpV4ELW
@johnwalshiii
10 Jan 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
北朝鮮ハッカー RedAnt による Code on Toast 攻撃:IE のゼロデイ CVE-2024-38178 を悪用 https://t.co/pyfcXbm6S5 この Code on Toast という攻撃手法ですが、Web コンテンツ内のフレーム内に、悪意の広告が表示され、そこで IE の脆弱性が悪用されるというものです。 2024/10/16 にも、「Internet… https://t.co/67DDOdvoCI
@iototsecnews
10 Dec 2024
1425 Impressions
7 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
Operation “Code on Toast”: A Deep Dive into TA-RedAnt’s Exploitation of Zero-Day Flaw (CVE-2024-38178) #cyber #CyberSecurity #cybercrime #CyberAttack #cyberdefense https://t.co/7X9hJyK5B3 vía @the_yellow_fall
@docangelmtz1
2 Dec 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
北朝鮮関連のハッカー集団TA-RedAnt/APT37によるIEのゼロデイ脆弱性(CVE-2024-38178)の悪用について。韓国国家サイバーセキュリティセンター及びAhnLab社の報告。韓国内広告代理店のサーバに侵入し、トースト広告のHTMLコード中に悪性iframeを注入。RokRATに繋がる。 https://t.co/3u3BqjAZjq
@__kokumoto
2 Dec 2024
1138 Impressions
4 Retweets
14 Likes
5 Bookmarks
0 Replies
0 Quotes
🔥 North Korean APT group ScarCruft has been linked to the exploitation of a zero-day #Microsoft Windows flaw (CVE-2024-38178), targeting unpatched Internet Explorer Mode in Edge, infecting devices with RokRAT malware. But it all starts with users clicking… https://t.co/NYPeN8hd
@johnwalshiii
1 Dec 2024
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38178
@transilienceai
19 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-38178
@transilienceai
17 Nov 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-38178
@transilienceai
10 Nov 2024
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
"揭秘APT37:朝鲜黑客组织的攻击手法及工具" published by David_Jou. #APT37, #CVE-2024-38178, #VeilShell, #DPRK, #CTI https://t.co/lHRVwsaaKL
@lazarusholic
10 Nov 2024
560 Impressions
3 Retweets
11 Likes
3 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-38178
@transilienceai
8 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-38178
@transilienceai
5 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-38178
@transilienceai
4 Nov 2024
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-38178
@transilienceai
30 Oct 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-38178
@transilienceai
29 Oct 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
APT37(Richochet Chollima)が韓国の広告代理店のサーバーに侵入し、韓国人が広く利用しているフリーソフトのトースト広告を用いて CVE-2024-38178 悪用する攻撃を行っていたとのこと。 https://t.co/ungZ00p2uv
@ntsuji
20 Oct 2024
2649 Impressions
4 Retweets
9 Likes
5 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-38178 2 - CVE-2024-9264 3 - CVE-2024-48904 4 - CVE-2019-5790 5 - CVE-2024-7254 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
20 Oct 2024
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
North Korea-linked APT37 exploited an Internet Explorer zero-day (CVE-2024-38178) in a supply chain attack via a compromised ad agency. Despite IE's end of support, vulnerabilities persist in some Windows apps, prompting urgent security updates. #CyberSe… https://t.co/0WTVbhsSyG
@Cyber_O51NT
20 Oct 2024
1702 Impressions
12 Retweets
33 Likes
5 Bookmarks
0 Replies
0 Quotes
Unmasking CVE-2024-38178: The Silent Threat of Windows Scripting Engine https://t.co/KzopZKT5n2 #Pentesting #Windows #CyberSecurity #Infosec https://t.co/cLdutgqkgr
@ptracesecurity
19 Oct 2024
1611 Impressions
9 Retweets
25 Likes
10 Bookmarks
0 Replies
0 Quotes
CVE-2024-38178: North Korean Hackers Exploit Windows Flaw to Spread RokRAT https://t.co/zmORizl2yC
@the_yellow_fall
19 Oct 2024
179 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
North Korean Hackers Exploit Zero-Day Flaw in "Operation Code on Toast" Stay protected from the Operation Code on Toast campaign. Find out about the new zero-day vulnerability CVE-2024-38178 in Microsoft IE and the targeted attack https://t.co/JYXhPgfGrj
@the_yellow_fall
752 Impressions
6 Retweets
7 Likes
4 Bookmarks
0 Replies
0 Quotes
#Group123, after infiltrating an advertising company's server, deployed a backdoor using the IE 0day exploit CVE-2024-38178 within ad scripts. This strategy enables a zero-click attack as the ads are served, executing the malicious code without any user interaction. sample:… http
@blackorbird
11605 Impressions
32 Retweets
108 Likes
49 Bookmarks
1 Reply
4 Quotes
📌 الجهة المهددة من كوريا الشمالية المعروفة باسم ScarCruft استغلت ثغرة يوم الصفر في ويندوز infect الأجهزة ببرمجيات خبيثة تُعرف بـ RokRAT. الثغرة، CVE-2024-38178، هي خلل في الذاكرة سجلت درجة CVSS تبلغ 7.5، مما يسمح بتنفيذ رموز عن بُعد عند استخدام متصفح Edge في وضع Internet Explo…
@cyberetweet
96 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
North Korean APT group ScarCruft has been linked to the exploitation of a zero-day Windows flaw (CVE-2024-38178), targeting unpatched Internet Explorer Mode in Edge, infecting devices with RokRAT malware.
@asdfg12346782
5 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔥 One click, and chaos begins! North Korean APT group ScarCruft has been linked to the exploitation of a zero-day Windows flaw (CVE-2024-38178), targeting unpatched Internet Explorer Mode in Edge, infecting devices with RokRAT malware. Read: https://t.co/7473o7Gf9r #infosec
@TheHackersNews
13917 Impressions
58 Retweets
126 Likes
18 Bookmarks
6 Replies
3 Quotes
『따라서 공격자는 이미 지원이 종료된 취약한 IE 브라우저의 엔진(jscript9.dll)을 사용하고 있는 토스트 광고 프로그램을 최초 침투 벡터로 악용하였다.』 #APT37 안랩과 국가사이버안보센터(NCSC), 합동 보고서 배포 및 Microsoft 브라우저 0-DAY 발견 (CVE-2024-38178) https://t.co/iJqiKrWemo
@autumn_good_35
157 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 UPDATE: #ScarCruft exploits CVE-2024-38178 to deploy RokRAT malware! This #NorthKorean APT group used a patched Windows vulnerability to install RokRAT, leveraging cloud services like Dropbox for C2. Targeting South Korea & beyond, their campaign is named Operation Code on
@socradar
186 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
北朝鮮のハッカー集団がMicrosoft IEのゼロデイを悪用(CVE-2024-38178) | Codebook https://t.co/dfl0gOavz3 #izumino_trend
@sec_trend
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ITW Zero-Day Vulnerability Discovery: #APT37 (#Scarcruft) 🚨 For Responsible Disclosure, we disclose relevant details at this time: Unmasking CVE-2024-38178 The Silent Threat of Windows Scripting Engine 🔗 https://t.co/HVtEAsXcfV 🔍 Key findings: - The attack used a freeware
@2RunJack2
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Malicious toast pop-up ads exploited Internet Explorer zero day to drop malware. The flaw used in zero-day attacks is tracked as CVE-2024-38178 and is a high-severity type confusion flaw in Internet Explorer. https://t.co/jYm4hTlQEf https://t.co/rnWrVOORfv
@riskigy
49 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E76B107-D977-41BE-8E5C-6A9B52C6EBDE",
"versionEndExcluding": "10.0.10240.20751"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6808A3F0-AC0E-4825-A582-5D7841F4870F",
"versionEndExcluding": "10.0.14393.7259"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C0893DB0-24BA-41A1-907E-8B6F66741A0E",
"versionEndExcluding": "10.0.17763.6189"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98",
"versionEndExcluding": "10.0.19044.4780"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B",
"versionEndExcluding": "10.0.19045.4780"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E",
"versionEndExcluding": "10.0.22000.3147"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8",
"versionEndExcluding": "10.0.22621.4037"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA",
"versionEndExcluding": "10.0.22631.4037"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47",
"versionEndExcluding": "10.0.26100.1457"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA",
"versionEndExcluding": "10.0.14393.7259"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71",
"versionEndExcluding": "10.0.17763.6189"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA",
"versionEndExcluding": "10.0.20348.2655"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768",
"versionEndExcluding": "10.0.25398.1085"
}
],
"operator": "OR"
}
]
}
]