CVE-2024-4978: CWE-506 Embedded Malicious Code in Justice AV Solutions Viewer
Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected Authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell commands.
AI Analysis
Technical Summary
CVE-2024-4978 identifies a critical vulnerability in Justice AV Solutions Viewer version 8.3.7.250, where the installation package contains an embedded malicious binary signed with an unexpected authenticode signature, indicating potential tampering or supply chain compromise. This malicious code allows a remote attacker with privileged access to execute unauthorized PowerShell commands on the affected system. The vulnerability falls under CWE-506, which involves embedded malicious code that can be executed to compromise system security. The attack vector is network-based (AV:N), with low attack complexity (AC:L), but requires the attacker to have high privileges (PR:H) and user interaction (UI:R). The scope is changed (S:C), meaning the vulnerability affects resources beyond the initially vulnerable component. The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), as arbitrary PowerShell command execution can lead to data theft, system manipulation, or denial of service. Although no exploits are currently known in the wild, the presence of malicious code in a signed installer suggests a serious supply chain risk. The vulnerability was published on May 23, 2024, and affects a specific version of the Justice AV Solutions Viewer, a product likely used in justice or law enforcement sectors. The unexpected authenticode signature raises concerns about the authenticity and trustworthiness of the software distribution channel. This vulnerability requires immediate attention to prevent potential exploitation by remote attackers who have already gained privileged access.
Potential Impact
The impact of CVE-2024-4978 is significant for organizations using Justice AV Solutions Viewer, particularly in justice, law enforcement, and related sectors where the software is deployed. Successful exploitation allows remote, privileged attackers to execute arbitrary PowerShell commands, which can lead to full system compromise, data exfiltration, manipulation of evidence or logs, and disruption of critical judicial or investigative processes. The embedded malicious code in a signed installer undermines trust in the software supply chain, potentially enabling attackers to distribute malware under the guise of legitimate software updates. This can result in widespread compromise if the affected version is broadly deployed. The high CVSS score reflects the potential for severe confidentiality, integrity, and availability impacts. Organizations may face operational disruption, legal consequences, and reputational damage if this vulnerability is exploited. The requirement for privileged access and user interaction somewhat limits exploitation but does not eliminate the risk, especially in environments where users have elevated permissions or where attackers have already gained footholds. The lack of known exploits in the wild currently reduces immediate risk but does not preclude future attacks.
Mitigation Recommendations
1. Verify the authenticity and integrity of Justice AV Solutions Viewer installation files by checking digital signatures against vendor-provided certificates and hashes.
2. Avoid installing or updating to version 8.3.7.250 until a vendor patch or official fix is released.
3. Implement strict privilege management to minimize the number of users with high privileges capable of executing PowerShell commands.
4. Employ application whitelisting and endpoint detection and response (EDR) solutions to detect and block unauthorized PowerShell execution and suspicious binaries.
5. Monitor PowerShell logs and system event logs for unusual or unauthorized command execution patterns.
6. Isolate systems running Justice AV Solutions Viewer from untrusted networks to reduce exposure to remote attacks.
7. Engage with the vendor for timely updates or patches and follow their security advisories closely.
8. Conduct supply chain security assessments to ensure software distribution channels are secure and have not been compromised.
9. Educate users about the risks of executing untrusted software and the importance of reporting unexpected prompts or behaviors.
10. Prepare incident response plans specific to potential exploitation scenarios involving PowerShell command execution.
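One way to carry out recommendation 1 before an installer is allowed to run, shown as an added example that is not part of the original advisory or the vendor's tooling. The thumbprint, hash and staging folder are placeholders and must be replaced with values obtained from the vendor over a trusted channel.

```powershell
# Added example: gate an installer on BOTH its Authenticode signer and its file hash.
# Placeholders only; the advisory does not list the expected certificate or hash.
$ExpectedThumbprint = '<VENDOR-CERT-THUMBPRINT>'   # placeholder
$ExpectedSha256     = '<VENDOR-PUBLISHED-SHA256>'  # placeholder

function Test-InstallerTrust {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][string]$Sha256
    )
    $findings = @()
    $sig = Get-AuthenticodeSignature -FilePath $Path

    # 'Valid' only means the chain verifies on this machine; it does not say
    # the file was signed by the publisher you expect. Check both.
    if ($sig.Status -ne 'Valid') {
        $findings += "Signature status is $($sig.Status)"
    }
    if (-not $sig.SignerCertificate) {
        $findings += 'File carries no signer certificate'
    }
    elseif ($sig.SignerCertificate.Thumbprint -ne $Thumbprint) {
        $cert = $sig.SignerCertificate
        $findings += "Unexpected signer: $($cert.Subject) [$($cert.Thumbprint)]"
    }

    # The hash check catches a repackaged file even if the signer looks right.
    $hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($hash -ne $Sha256) {
        $findings += "SHA-256 mismatch: $hash"
    }

    [pscustomobject]@{
        Path     = $Path
        Trusted  = ($findings.Count -eq 0)
        Findings = $findings
    }
}

# Hypothetical staging folder where downloaded installers are held before deployment.
Get-ChildItem -Path 'C:\Staging' -Filter '*.exe' | ForEach-Object {
    Test-InstallerTrust -Path $_.FullName -Thumbprint $ExpectedThumbprint -Sha256 $ExpectedSha256
} | Where-Object { -not $_.Trusted } | Format-List
```

An installer that reports a valid signature but an unexpected signer is the case this advisory describes, so treat any "Unexpected signer" finding as a block, not a warning.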
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, India, Japan, South Korea, Brazil
Technical Details
- Data Version: 5.1
- Assigner Short Name: cisa-cg
- Date Reserved: 2024-05-15T21:03:53.551Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68f7d9b5247d717aace26bc1
Added to database: 10/21/2025, 7:06:29 PM
Last enriched: 2/27/2026, 10:34:29 PM
Last updated: 3/23/2026, 3:15:15 PM