Skip to main content

CVE-2024-1186: CWE-404 Denial of Service in Munsoft Easy Archive Recovery

Low
VulnerabilityCVE-2024-1186cvecve-2024-1186cwe-404
Published: Fri Feb 02 2024 (02/02/2024, 17:00:07 UTC)
Source: CVE Database V5
Vendor/Project: Munsoft
Product: Easy Archive Recovery

Description

A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

AILast updated: 07/11/2025, 22:34:11 UTC

Technical Analysis

CVE-2024-1186 is a denial of service (DoS) vulnerability identified in Munsoft Easy Archive Recovery version 2.0, specifically within the Registration Key Handler component. The vulnerability is classified under CWE-404, which relates to improper resource shutdown or release. The flaw allows an attacker with local access and low privileges to manipulate the component in a way that causes the application to become unavailable or crash, resulting in a denial of service. The vulnerability does not require user interaction but does require local access and low-level privileges, making remote exploitation infeasible. The CVSS v3.1 base score is 3.3, indicating a low severity primarily due to the limited attack vector (local) and the limited impact (availability only). No confidentiality or integrity impacts are noted. The vendor Munsoft was contacted prior to public disclosure but did not respond, and no patches or mitigations have been released at this time. The exploit details have been publicly disclosed, but there are no known exploits in the wild. This vulnerability affects only version 2.0 of Easy Archive Recovery, a specialized tool used for archive file recovery and data extraction. Given the nature of the vulnerability, it is unlikely to be exploited remotely or at scale but could be leveraged by an insider or local attacker to disrupt operations on a compromised system running this software.

Potential Impact

For European organizations, the impact of CVE-2024-1186 is generally limited due to the low severity and local attack requirements. However, organizations that rely on Munsoft Easy Archive Recovery 2.0 for critical data recovery tasks could experience operational disruptions if a local attacker triggers the denial of service, potentially delaying recovery efforts or forensic investigations. This could be particularly impactful in sectors where timely data recovery is essential, such as legal, financial, or governmental institutions. Since the vulnerability does not affect confidentiality or integrity, the risk of data breach or manipulation is minimal. The lack of vendor response and absence of patches increases the risk that affected organizations must rely on workarounds or mitigations to maintain availability. The threat is less relevant for organizations that do not use this specific software or have upgraded to other versions or alternative tools.

Mitigation Recommendations

Given the absence of an official patch, European organizations should implement the following specific mitigations: 1) Restrict local access to systems running Munsoft Easy Archive Recovery 2.0 to trusted personnel only, minimizing the risk of local exploitation. 2) Monitor and audit usage of the application and system logs for unusual activity that could indicate attempts to exploit the vulnerability. 3) Consider isolating the software on dedicated recovery workstations with limited network connectivity and hardened user permissions to reduce attack surface. 4) Evaluate alternative archive recovery tools that do not have this vulnerability or have active vendor support. 5) If possible, upgrade to a newer version of the software if available or contact the vendor for guidance. 6) Implement endpoint protection solutions that can detect abnormal process behavior or crashes related to the application. 7) Prepare incident response plans that include recovery from potential denial of service scenarios affecting data recovery operations.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2024-02-02T06:46:02.518Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68487f531b0bd07c39389ef5

Added to database: 6/10/2025, 6:54:11 PM

Last enriched: 7/11/2025, 10:34:11 PM

Last updated: 7/30/2025, 4:53:15 PM

Views: 15

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats