CISA Known Exploited Vulnerability (KEV)
Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability
May 29, 2024
June 19, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Description
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.
References
Weakness Enumeration
| CWE-ID | CWE Name |
|---|---|
|
CWE-506 |
Embedded Malicious Code |