[Security] CVE-2024-38112 and WelsonJS framework

[gnh1201]

[Security] CVE-2024-38112 and WelsonJS framework

We have identified that code snippets included in the WelsonJS framework were found in an attack case that exploited the CVE-2024-38112 and CVE-2024-43461 security vulnerability. The attacker utilized part of the app.hta file.

To clarify, we want to emphasize that there is no connection between this attack or the attacker and the WelsonJS project.

The attacker demonstrated the use of VBScript and VBScript obfuscation in the attack.

This does not align with the WelsonJS project, which is entirely based on JavaScript, nor does it correspond to the code protection methods supported by WelsonJS.

Additionally, most of the functionalities we provide are aimed at helping system administrators or security analysts from a defensive standpoint, rather than being used for attacks.

The WelsonJS project utilizes JavaScript and is developed with future compatibility in mind, ensuring support even when the runtime changes.

Thank you.

Related links

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112
• https://nvd.nist.gov/vuln/detail/CVE-2024-38112
• https://www.trendmicro.com/ko_kr/research/24/g/CVE-2024-38112-void-banshee.html
• https://socradar.io/microsoft-fixes-cve-2024-38112-after-over-a-year-of-exploitation-zero-click-threat-of-cve-2024-38021/
• https://www.theregister.com/2024/07/15/zdi_microsoft_vulnerability/
• https://www.tenable.com/cve/CVE-2024-38112
• https://www.darkreading.com/application-security/microsoft-discloses-4-zero-days-in-september-update
• https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/
• https://www.gttkorea.com/news/articleView.html?idxno=12241
• https://www.ncsc.go.kr/main/cop/bbs/selectBoardArticle.do?bbsId=Notification_main&nttId=143575
• https://www.freebuf.com/articles/system/405801.html
• https://hunt.io/blog/echoes-of-stargazer-goblin-analyzing-shared-ttps-from-an-open-directory

Want to share your thoughts?

We run a Discord channel (#welsonjs, Catswords OSS) and ActivityPub @[email protected], and you’re always welcome to join us! Feel free to ask questions or share your opinions anytime.