CVE-2024-38178: Scripting Engine Memory Corruption Vulnerability
Published: 2024-08-13
Severity: High, 7.5 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (due 2024-09-03)
Exploited in the wild
EPSS: 39.46% (98.4th percentile)
Affected
28 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20751 | 10.0.10240.20751 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.7259 | 10.0.14393.7259 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6189 | 10.0.17763.6189 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.4780 | 10.0.19044.4780 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.4780 | 10.0.19045.4780 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.3147 | 10.0.22000.3147 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4037 | 10.0.22621.4037 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4037 | 10.0.22631.4037 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4037 | 10.0.22631.4037 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.1457 | 10.0.26100.1457 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.22134 | 6.3.9600.22134 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7259 | 10.0.14393.7259 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.6189 | 10.0.17763.6189 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.2655 | 10.0.20348.2655 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_21h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
| msrc | windows_11_version_24h2 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
Detection & IOCs (extracted from sources)
- The exploit targets Internet Explorer's JScript9.dll (Chakra engine) via a malicious iframe in Toast ad notifications rendered by IE components embedded in third-party free software.
- RokRAT payload is injected into explorer.exe in four stages; if Avast or Symantec AV is present, injection targets a random binary in C:\Windows\system32 instead. Monitor for unusual child processes or injection from those paths.
- Persistence mechanism: rubyw.exe added to Windows startup and a scheduled task firing every four minutes. Hunt for rubyw.exe in startup entries and scheduled tasks.
- RokRAT exfiltrates files with extensions .doc, .mdb, .xls, .ppt, .txt, .amr (among 20 total) to a Yandex cloud instance every 30 minutes. Monitor for outbound connections to Yandex cloud storage at regular 30-minute intervals.
- The exploit is a close variant of the CVE-2022-41128 exploit with only three additional lines of code to bypass Microsoft's prior fixes, so existing CVE-2022-41128 detection logic may partially apply.
- Attack vector requires Edge in Internet Explorer Mode; monitor for Edge processes launching with IE Mode and processing externally-supplied URLs.
- Check Point IPS signature available: 'Microsoft Scripting Engine Memory Corruption (CVE-2024-38178)'. Deploy or validate this IPS rule.
- Exploitation requires the target to be using Edge in Internet Explorer Mode; standard Edge or other browsers are not directly vulnerable via this attack path.
- Even after Microsoft patched the flaw in August 2024, third-party software embedding outdated IE components may not adopt the patch immediately, leaving users exposed.
- The attack was delivered silently via Toast ad notifications in a free software application, meaning users may be compromised without any browser interaction or awareness of IE being invoked.
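A hunt for the 30-minute exfiltration cadence listed above, as an added example that is not taken from any of the cited sources: it groups proxy-log records by source host and destination, then flags pairs whose connections to Yandex domains recur at roughly 30-minute gaps. The log format, the domain suffixes, the thresholds and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Assumptions (not from the cited reports): domain suffixes and thresholds.
YANDEX_SUFFIXES = ("yandex.net", "yandex.com", "yandex.ru")
EXPECTED_GAP_S = 30 * 60   # 30-minute exfiltration cadence described above
TOLERANCE_S = 120          # allowed jitter around the expected gap
MIN_EVENTS = 4             # at least three gaps before judging regularity
MIN_ON_BEAT = 0.8          # share of gaps that must match the cadence

# Constructed sample proxy log: "<ISO timestamp> <source host> <destination>"
SAMPLE_LOG = """\
2024-08-20T09:00:05 ws-114 cloud-api.yandex.net
2024-08-20T09:02:00 ws-207 yandex.ru
2024-08-20T09:05:30 ws-207 yandex.ru
2024-08-20T09:30:11 ws-114 cloud-api.yandex.net
2024-08-20T09:47:10 ws-207 yandex.ru
2024-08-20T10:00:00 ws-300 notyandex.net
2024-08-20T10:00:02 ws-114 cloud-api.yandex.net
truncated-record
2024-08-20T10:30:00 ws-300 notyandex.net
2024-08-20T10:30:09 ws-114 cloud-api.yandex.net
2024-08-20T11:00:00 ws-300 notyandex.net
2024-08-20T11:00:04 ws-114 cloud-api.yandex.net
2024-08-20T11:15:00 ws-207 yandex.ru
2024-08-20T11:30:00 ws-300 notyandex.net
"""

def is_yandex(host):
    """Match the domain or a true subdomain, never a look-alike suffix."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in YANDEX_SUFFIXES)

def parse(log_text):
    """Yield (timestamp, source, destination); skip malformed records."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2].lower()
        except ValueError:
            continue

def find_beacons(log_text):
    """Return host/destination pairs that contact Yandex on a ~30-minute beat."""
    seen = defaultdict(list)
    for ts, src, dst in parse(log_text):
        if is_yandex(dst):
            seen[(src, dst)].append(ts)
    findings = []
    for (src, dst), stamps in sorted(seen.items()):
        if len(stamps) < MIN_EVENTS:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        on_beat = [g for g in gaps if abs(g - EXPECTED_GAP_S) <= TOLERANCE_S]
        if len(on_beat) / len(gaps) >= MIN_ON_BEAT:
            findings.append({"host": src, "dest": dst,
                             "events": len(stamps), "median_gap_s": median(gaps)})
    return findings

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Legitimate Yandex clients can also sync on a timer, so a hit is a lead to correlate with the rubyw.exe persistence indicators rather than a verdict.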
CVSS provenance
- nvd: CVSS v3.1, 7.5 HIGH, CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
- cvelistv5: 7.5 HIGH
- vulncheck: 7.5 HIGH
- cisa: 7.5 HIGH
- vendor_msrc: 7.5 HIGH
CVEList
Scripting Engine Memory Corruption Vulnerability
cvelistv5·2024-08-13·CVSS 7.5
CVE-2024-38178 [HIGH] CWE-843 Scripting Engine Memory Corruption Vulnerability
VulnCheck
Microsoft Windows Scripting Engine Memory Corruption Vulnerability
vulncheck·2024·CVSS 7.5
CVE-2024-38178 [HIGH] CWE-843 Microsoft Windows Scripting Engine Memory Corruption Vulnerability
Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows an unauthenticated attacker to initiate remote code execution via a specially crafted URL.
Affected: Microsoft Windows
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Exploitation References: https://api.msrc.microsoft.com/cvrf/v3.0/cvrf/2024-Aug; https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://asec.ahnlab.com/en/83877/; https://medium.com/s2wblog/unmasking-
Microsoft
Scripting Engine Memory Corruption Vulnerability
vendor_msrc·2024-08-13·CVSS 7.5
CVE-2024-38178 [HIGH] CWE-843 Scripting Engine Memory Corruption Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires an authenticated client to click a link so that an unauthenticated attacker can initiate remote code execution.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to first prepare the target so that it uses Edge in Internet Explorer Mode.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
The user would have to click on a specially crafted URL to be comp
CISA
Microsoft Windows Scripting Engine Memory Corruption Vulnerability
cisa·2024-08-13·CVSS 7.5
CVE-2024-38178 [HIGH] CWE-843 Microsoft Windows Scripting Engine Memory Corruption Vulnerability
Vulnerability: Microsoft Windows Scripting Engine Memory Corruption Vulnerability
Affected: Microsoft Windows
Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows an unauthenticated attacker to initiate remote code execution via a specially crafted URL.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178; https://nvd.nist.gov/vuln/detail/CVE-2024-38178
Remediation Due Date: 2024-09-03
No detection rules found.
No public exploits indexed.
Tenable
Microsoft Patch Tuesday 2024 Year in Review
blogs_tenable·2024-12-10
Bleepingcomputer
Malicious ads exploited Internet Explorer zero day to drop malware
blogs_bleepingcomputer·2024-10-16·CVSS 8.8
CVE-2024-38178 [HIGH] Malicious ads exploited Internet Explorer zero day to drop malware
## Malicious ads exploited Internet Explorer zero day to drop malware
## Bill Toulas
The flaw used in zero-day attacks is tracked as CVE-2024-38178 and is a high-severity type confusion flaw in Internet Explorer.
ASEC and NCSC, responding to the campaign, informed Microsoft immediately, and the tech giant released a security update to address CVE-2024-38178 in August 2024.
Interestingly, the researchers found that ScarCruft's exploit was very similar to the one they used in the past for CVE-2022-41128, with the only addition being three lines of code designed to bypass Microsoft's previous fixes.
## From 'Toast ads' to malware
Toast notifications are pop-ups displayed in the corner of software such as antivirus or free utility programs to display notifications, alerts, or advertiseme
Checkpoint
19th August – Threat Intelligence Report
blogs_checkpoint·2024-08-19
CVE-2024-38178 19th August – Threat Intelligence Report
## 19th August – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 19th August, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The campaign of United States presidential nominee Donald Trump has had its internal communications hacked and leaked, allegedly by an Iranian threat actor. This aligns with Microsoft’s previous identification of a related spear phishing attack by an Iranian group, raising concerns about foreign interference in the US elect
Trendmicro
The August 2024 Security Update Review
blogs_trendmicro·2024-08-13·CVSS 6.7
[MEDIUM] The August 2024 Security Update Review
## The August 2024 Security Update Review
Get the August 2024 security update and review.
By: Dustin Childs, 2024/08/13
I have successfully survived Summer Hacker Camp, and I hope you have too. And we return just in time for Patch Tuesday and a new crop of 0-days as Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
| CVE | Title | Severity | CVSS | Public | Exploited | Type |
|---|---|---|---|---|---|---|
| CVE-2024-38189 | Microsoft Project Remote Code Execution Vulnerability | Important | 8.8 | No | Yes | RCE |
| CVE-2024-38178 | Scripting Engine Memory Corruption Vulnerabil | | | | | |
Qualys
Microsoft and Adobe Patch Tuesday, August 2024 Security Update Review
blogs_qualys·2024-08-13·CVSS 6.7
[MEDIUM] Microsoft and Adobe Patch Tuesday, August 2024 Security Update Review
Microsoft’s August Patch Tuesday updates are out, and they address a range of vulnerabilities across multiple products. Let’s dive into the key updates and their implications.
## Microsoft Patch Tuesday for August 2024
Microsoft Patch’s Tuesday, August 202
Tenable
Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs
blogs_tenable·2024-08-13
Qualys
Microsoft & Adobe August 2024 Patch Tuesday Updates | Qualys
blogs_qualys·2024-08-13·CVSS 6.7
[MEDIUM] Microsoft & Adobe August 2024 Patch Tuesday Updates | Qualys
Microsoft’s August Patch Tuesday updates are out, and they address a range of vulnerabilities across multiple products. Let’s dive into the key updates and their implications.
## Microsoft Patch Tuesday for August 2024
Microsoft Patch’s Tuesda
Bleepingcomputer
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
blogs_bleepingcomputer·2024-08-13·CVSS 7.5
[HIGH] Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
## Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
## Lawrence Abrams
36 Elevation of Privilege Vulnerabilities
4 Security Feature Bypass Vulnerabilities
28 Remote Code Execution Vulnerabilities
8 Information Disclosure Vulnerabilities
6 Denial of Service Vulnerabilities
7 Spoofing Vulnerabilities
The number of bugs listed above do not include Microsoft Edge flaws that were disclosed earlier this month.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5041585 update and Windows 10 KB5041580 update.
## Ten zero-days disclosed
This month's Patch Tuesday fixes six actively exploited and three other publicly disclosed zero-day vulnerabilities. Another publicly disclosed zero-day remains unf
Talos
Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed
blogs_talos·2024-08-13·CVSS 6.7
CVE-2024-21302 [MEDIUM] Talos discovers Microsoft kernel mode driver vulnerabilities that could lead to SYSTEM privileges; Seven other critical issues disclosed
Microsoft disclosed six security vulnerabilities that are actively being exploited across its products as part of the company’s regular Patch Tuesday security update.
In all, August’s monthly round of patches from Microsoft included 87 vulnerabilities, seven of which are considered critical. In addition to the zero-days disclosed Tuesday, Microsoft also fixed a security issue that had already been publicly disclosed: CVE-2024-21302, a vulnerability in Microsoft Office that could result in unauthorized disclosure of sensitive information to malicious actors. Microsoft initially warned about the possibility that attackers could exploit this vulnerability in the wild last week, including being able to reverse older software patches that could re-open them to past vulnerabilities.
Cisco Talo
Krebs
Six 0-Days Lead Microsoft’s August 2024 Patch Push
blogs_krebs·2024-08-13·CVSS 7.0
[HIGH] Six 0-Days Lead Microsoft’s August 2024 Patch Push
Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers.
This month’s bundle of update joy from Redmond includes patches for security holes in Office, .NET, Visual Studio, Azure, Co-Pilot, Microsoft Dynamics, Teams, Secure Boot, and of course Windows itself. Of the six zero-day weaknesses Microsoft addressed this month, half are local privilege escalation vulnerabilities — meaning they are primarily useful for attackers when combined with other flaws or access.
CVE-2024-38106, CVE-2024-38107 and CVE-2024-38193 all allow an attacker to gain SYSTEM level privileges on a vulnerable machine, although the vulnerabilities reside in different parts
Trendmicro
The August 2024 Security Update Review
blogs_trendmicro·2024-08-13
# The August 2024 Security Update Review
Get the August 2024 security update and review.
By: Dustin Childs, 2024/08/13
I have successfully survived Summer Hacker Camp, and I hope you have too. And we return just in time for Patch Tuesday and a new crop of 0-days as Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for August 2024
For August, Adobe released 11 security bulletins addressing 71 CVEs in Adobe Illustrator. Dimension, Photoshop, InDesign, Acrobat and Reader, Bridge, Substance 3D Stager, Commerce, InC
Zscaler
Zscaler protects against 8 new vulnerabilities | 08-13-2024
blogs_zscaler·CVSS 7.8
[HIGH] Zscaler protects against 8 new vulnerabilities | 08-13-2024
Crowdstrike
August 2024 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] August 2024 Patch Tuesday: Updates and Analysis
2024-08-13: Published
2024-08-13: Added to CISA KEV
Exploited in the wild