Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-38178 PoC — Microsoft Scripting Engine 安全漏洞

Source
https://github.com/uixss/PoC-CVE-2024-38178
Associated Vulnerability
Title:Microsoft Scripting Engine 安全漏洞 (CVE-2024-38178)
Description:Microsoft Scripting Engine是美国微软(Microsoft)公司的一种工具,为JScript和VBScript提供脚本引擎。 Microsoft Scripting Engine存在安全漏洞。攻击者利用该漏洞导致系统拒绝服务。以下产品和版本受到影响:Windows 11 Version 24H2 for ARM64-based Systems,Windows 11 Version 24H2 for x64-based Systems,Windows 10 Version 1809
Description
A comprehensive analysis of the executing the malicious code without any user interaction
Readme

#Group123, after infiltrating an advertising company's server, deployed a backdoor using the IE 0day exploit CVE-2024-38178 within ad scripts. This strategy enables a zero-click attack as the ads are served, executing the malicious code without any user interaction.


https://github.com/blackorbird/APT_REPORT/blob/master/group123/(%E1%84%8C%E1%85%A5%E1%86%AB%E1%84%8E%E1%85%A6%E1%84%87%E1%85%A9%E1%86%AB)%E1%84%80%E1%85%A9%E1%86%BC%E1%84%80%E1%85%A2%E1%84%87%E1%85%A9%E1%84%80%E1%85%A9%E1%84%89%E1%85%A5-OperationCodeonToast.pdf

https://asec.ahnlab.com/ko/83876/
File Snapshot

 [4.0K]  /data/pocs/73c8d07be7a4da7b2f78fedf6f471221cf115c96
└── [ 567]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.