CVE-2024-4978 — Actively Exploited: Viewer (Justice AV Solutions)
Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4). When run, this creates a backdoor connection to a malicious C2 server.
| CVE ID | CVE-2024-4978 |
|---|---|
| Vendor | Justice AV Solutions |
| Product | Viewer |
| Vulnerability name | Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability |
| Date added | 2024-05-29 |
| Remediation due | 2024-06-19 |
| Known ransomware use | Unknown |
| Required action | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| Description | Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4). When run, this creates a backdoor connection to a malicious C2 server. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →