CVE-2024-26339
Published: 05 March 2024
Summary
CVE-2024-26339 is a critical-severity vulnerability, with an unspecified weakness type, in Swftools Swftools. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 40.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-23608
Vulnerability details
swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The strcpy parameter overlap in swfc (the SWF compiler) enables memory corruption that is exploitable for arbitrary code execution via malicious ActionScript input files, facilitating Exploitation for Client Execution.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.