CVE-2024-1112
Published: 31 January 2024
Summary
CVE-2024-1112 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in Angusj Resource Hacker. Its CVSS base score is 7.3 (High).
Operationally, ranked in the top 2.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A heap-based buffer overflow vulnerability affects Resource Hacker version 3.6.0.92, developed by Angus Johnson. Tracked as CVE-2024-1112 and linked to CWE-119 and CWE-787, the flaw arises from insufficient bounds checking when processing a long filename argument, which can corrupt heap memory.
An authenticated local user who can supply a malicious filename can trigger the overflow to achieve arbitrary code execution. The vulnerability is rated 7.3 under CVSS 3.1 (AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H), reflecting high impact on confidentiality, integrity, and availability when the required user interaction occurs.
The current EPSS score of 0.3885 matches its recorded peak, indicating no material post-disclosure rise in exploitation probability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-16886
- 🇪🇸 INCIBE: www.incibe.es
Vulnerability details
Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Memory protections (e.g., W^X, ASLR) make exploitation of buffer-boundary violations far harder to turn into code execution.
Ongoing control assessments and code testing (static/dynamic analysis, fuzzing) surface memory buffer restriction failures, which are then remediated before release.
Managed runtimes used by platform-independent applications (e.g., JVM, CLR) enforce memory safety, preventing most buffer overflows that require direct memory manipulation.
Detects exploitation attempts that produce memory corruption, crashes, or anomalous behavior.