CVE-2024-24122: n/a
A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restart the system, and automatically execute the constructed attack script.
AI Analysis
Technical Summary
CVE-2024-24122 is a remote code execution (RCE) vulnerability in Wanxing Technology's Yitu project management software. The flaw lies in how the software handles the exp.adpx project file, which is a zip archive. An attacker can give an entry inside that archive a specially constructed name containing path traversal segments (CWE-22, the pattern commonly called Zip Slip), so that when the software extracts the project the entry is written into the Windows Startup folder instead of the project directory. On Windows the per-user Startup folder is %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup; the all-users folder under %ProgramData% requires administrative rights to write, so the per-user folder is the likely target. The attack chain is: deliver a malicious exp.adpx file, have the victim open it in the vulnerable software, which extracts the attack script into the Startup folder; at the next restart or logon, Windows runs the script with the privileges of the user who logs in, and it keeps running at every subsequent logon. The analysis shown here assigns a CVSS v3.1 base score of 9.8 (AV:N/PR:N/UI:N/C:H/I:H/A:H). Note that the record's own technical details below list only the CVSS version, not a score, and that the chain as described requires a user to open the crafted file, which a no-user-interaction vector does not reflect; check the published score against the CVE record rather than relying on this summary. No official patches or updates had been released at the time of analysis, and no active exploitation has been reported. The root cause is missing validation of entry paths during archive extraction: the entry name is joined to the destination directory without normalising it and confirming the result still lies under that directory, which yields an arbitrary file write. Combined with the Startup folder, this gives persistence and can be used for backdoors, ransomware deployment, or full takeover of the user's session.
Potential Impact
The impact of CVE-2024-24122 is severe for organizations using Wanxing Technology's Yitu project management software. Successful exploitation gives the attacker code execution on the victim's workstation with the privileges of the user who opened the file, which can lead to data theft, destruction, ransomware deployment, or lateral movement within the network. Because the payload is dropped into the Startup folder, it runs again at every logon, so the compromise persists across reboots and the original malicious project file is no longer needed once the script is in place; triage must therefore include the Startup folders, not only the file that was opened. Confidentiality is affected through exposure of project data and anything else the user can reach, integrity through unauthorized modification, and availability through disabling or encrypting systems. The attack requires no authentication to the software, only that a user opens a crafted exp.adpx file received from an untrusted source, which is a routine action for project files exchanged by e-mail or shared drives. Organizations relying on this software, especially in critical infrastructure, government, or enterprises with sensitive intellectual property, face heightened risk of operational disruption and data breaches.
Mitigation Recommendations
To mitigate CVE-2024-24122 until a vendor fix is available, organizations should implement the following measures:
1) Restrict network access to systems running the Yitu project management software, limiting exposure to trusted internal networks; this reduces the delivery surface but does not stop a file that arrives by e-mail or a shared drive.
2) Treat exp.adpx files from outside the organization as untrusted input. Inspect them as zip archives before they are opened and block any archive whose entry names contain ".." segments, absolute paths, or a Startup-folder target; an endpoint detection and response (EDR) tool or a mail gateway that unpacks archives can do this.
3) Use application control (AppLocker or Windows Defender Application Control) to prevent unsigned scripts and executables from running out of the Startup folders and user-writable locations.
4) Audit permissions on the all-users Startup folder (%ProgramData%\Microsoft\Windows\Start Menu\Programs\StartUp) so that only administrators can write to it. The per-user Startup folder must remain writable by the user, so permission hardening alone does not close the per-user path; rely on monitoring and application control there.
5) Monitor file creation in both Startup folders, for example with Sysmon Event ID 11 (FileCreate) where TargetFilename contains "Start Menu\Programs\Startup", and alert on any new script or executable written there by the project management process.
6) Open untrusted project files only in a sandbox or a disposable virtual machine.
7) Engage with Wanxing Technology for updates or patches and apply them promptly once available; the correct fix is to validate every entry path during extraction so that the resolved target stays under the project directory.
8) Educate users about the risks of opening unverified project files and enforce file handling policies for project files received from outside the organization.
9) Maintain comprehensive backups and an incident response plan that includes checking the Startup folders and scheduled logon actions on any host where a suspicious exp.adpx file was opened.
These actions target the specific attack vector (a crafted archive opened by a user) and the persistence mechanism (the Startup folder) rather than relying on generic hardening alone.
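The following Python script is an added example, not code from Wanxing Technology's Yitu software or from the CVE record. It reproduces the archive-extraction weakness described in the technical summary and the pre-open archive check suggested in mitigation item 2. It builds a constructed .adpx-style zip in memory with a "../" entry name aimed at the Startup folder, shows that joining the entry name to the destination without validation writes outside the extraction directory, then shows a hardened extractor that resolves each target and rejects anything that leaves the destination, and a scanner that flags such archives before they are opened. All function names, the entry names and the constructed payload are this example's own assumptions; everything is confined to a temporary directory nested deeper than the traversal, and the payload is a harmless echo.

```python
"""Zip Slip (CWE-22) during .adpx extraction: vulnerable vs. hardened, plus a scanner.

Added example; not code from Wanxing Technology's Yitu software or the CVE record.
Function names, entry names and the constructed archives are this example's own.
"""
import io
import os
import tempfile
import zipfile

# Windows per-user Startup folder, relative to %APPDATA%. Used only to build the
# constructed traversal entry name; the real folder is never touched.
STARTUP_REL = "Microsoft/Windows/Start Menu/Programs/Startup"


def build_malicious_adpx(depth: int = 6) -> bytes:
    """Constructed .adpx-style zip with one entry whose name climbs out of the
    extraction directory. The payload is a harmless echo."""
    traversal = "../" * depth + STARTUP_REL + "/update.bat"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/settings.xml", "<project name='demo'/>")
        zf.writestr(traversal, "@echo off\r\necho constructed payload\r\n")
    return buf.getvalue()


def build_clean_adpx() -> bytes:
    """Constructed benign project archive, for comparison."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/settings.xml", "<project name='demo'/>")
        zf.writestr("project/tasks.csv", "id,name\r\n1,kickoff\r\n")
    return buf.getvalue()


def extract_unsafe(archive: bytes, dest: str) -> list:
    """Extraction as the CVE describes it: the entry name is joined to ``dest``
    with no validation, so '../' segments escape the destination."""
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)      # vulnerable join
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(os.path.normpath(target))
    return written


def extract_safe(archive: bytes, dest: str) -> list:
    """Hardened extraction: reject absolute names, backslashes (non-standard in
    zip) and any resolved target that does not stay under ``dest``. Raises so
    the caller learns the file was hostile instead of silently skipping it."""
    root = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith("/") or "\\" in name or name[1:2] == ":":
                raise ValueError("absolute or non-portable entry name: %r" % name)
            target = os.path.realpath(os.path.join(root, name))
            if os.path.commonpath([root, target]) != root:
                raise ValueError("path traversal in archive entry: %r" % name)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))
            written.append(target)
    return written


def scan_archive(archive: bytes) -> list:
    """Pre-open check for received .adpx files: returns entry names containing
    '..' segments, absolute paths, or a Startup-folder target."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name in zf.namelist():
            norm = name.replace("\\", "/")
            if (".." in norm.split("/") or norm.startswith("/") or norm[1:2] == ":"
                    or "start menu/programs/startup" in norm.lower()):
                findings.append(name)
    return findings


def demo() -> dict:
    """Run the scanner and both extractors in a throwaway directory nested
    deeper than the traversal depth, so nothing lands outside the temp root."""
    root = os.path.realpath(tempfile.mkdtemp(prefix="adpx-demo-"))
    dest = os.path.join(root, *["d%d" % i for i in range(8)])
    os.makedirs(dest)
    bad, clean = build_malicious_adpx(depth=6), build_clean_adpx()
    unsafe_written = extract_unsafe(bad, dest)
    escaped = [p for p in unsafe_written if os.path.commonpath([dest, p]) != dest]
    try:
        extract_safe(bad, dest)
        safe_error = None
    except ValueError as exc:
        safe_error = str(exc)
    return {
        "bad_scan": scan_archive(bad),
        "clean_scan": scan_archive(clean),
        "escaped": escaped,                       # files written outside dest
        "escaped_exist": all(os.path.exists(p) for p in escaped),
        "safe_error": safe_error,
        "clean_written": len(extract_safe(clean, dest)),
        "root": root,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-14s %s" % (key, value))
```

Running the script prints the escaped path (under the temp root, several directories above the extraction directory), the scanner's finding for the malicious archive, an empty finding list for the clean one, and the error the hardened extractor raised. The check in extract_safe uses realpath plus commonpath rather than a string prefix test, so that "dest2" is not mistaken for a child of "dest" and symlinked directories are resolved before the comparison.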
Affected Countries
China, United States, India, Russia, South Korea, Japan, Germany, United Kingdom, Australia, Singapore
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-01-25T00:00:00.000Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d56b7ef31ef0b5707f0
Added to database: 2/25/2026, 9:44:54 PM
Last enriched: 2/28/2026, 9:26:50 AM
Last updated: 4/12/2026, 1:57:38 PM