- The attacker targeted Windows users running specific software with a built-in web viewer.
- They created a domain similar to a legitimate ad agency, serving malicious JavaScript code within their ads.
- This domain was then registered with the targeted software vendor, rendering the malicious ads in the software’s ad pop-up process.
- When users launched the software, the malicious ads would trigger a type confusion vulnerability (CVE-2024-38178) in the JScript9.dll engine, leading to remote code execution.