CVE-2024-1112

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Jan 31, 2024

Updated: Feb 9, 2024

CWE ID 119

CWE ID 787

Summary

CVE-2024-1112 is a critical heap-based buffer overflow vulnerability affecting Resource Hacker, version 3.6.0.92, developed by Angus Johnson. This issue arises due to an incorrect handling of long filenames in the application. An attacker can exploit this flaw by crafting a maliciously long filename argument, leading to a buffer overflow. Successful exploitation could potentially allow the attacker to execute arbitrary code on the targeted system. Users are advised to update their Resource Hacker installation as soon as a patch becomes available to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uWb2Jz
https://www.cve.org/CVERecord?id=CVE-2024-1112
https://nvd.nist.gov/vuln/detail/CVE-2024-1112

Back to Vulnerability Database

CVE-2024-1112

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations