CVE-2024-4978

Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.7 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://twitter.com/2RunJack2/status/1775052981966377148	Third Party Advisory
https://www.javs.com/downloads/	Product Broken Link
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/	Exploit Third Party Advisory
https://twitter.com/2RunJack2/status/1775052981966377148	Third Party Advisory
https://www.javs.com/downloads/	Product Broken Link
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/	Exploit Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4978	US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:javs:javs_viewer:8.3.7.250:*:*:*:*:*:*:*

History

24 Oct 2025, 13:48

Type	Values Removed	Values Added
References	~~() https://www.javs.com/downloads/ - Product~~	() https://www.javs.com/downloads/ - Product, Broken Link
References	~~() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4978 -~~	() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4978 - US Government Resource

21 Oct 2025, 23:16

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4978 -

21 Oct 2025, 20:20

Type	Values Removed	Values Added
References	~~{'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4978', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}~~

21 Oct 2025, 19:20

Type	Values Removed	Values Added
References		() https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4978 -

27 Jan 2025, 21:42

Type	Values Removed	Values Added
References	~~() https://twitter.com/2RunJack2/status/1775052981966377148 - Press/Media Coverage, Third Party Advisory~~	() https://twitter.com/2RunJack2/status/1775052981966377148 - Third Party Advisory
References	~~() https://www.javs.com/downloads/ - Vendor Advisory~~	() https://www.javs.com/downloads/ - Product

Information

Published : 2024-05-23 02:15

Updated : 2025-10-24 13:48

NVD link : CVE-2024-4978

Mitre link : CVE-2024-4978

CVE.ORG link : CVE-2024-4978

JSON object : View

Products Affected

javs

javs_viewer

CWE

CWE-506

Embedded Malicious Code

NVD-CWE-Other

8.4 /10