Login Sign Up

CVE-2024-1112

7.3 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

A heap-based buffer overflow vulnerability in Resource Hacker version 3.6.0.92 allows attackers to execute arbitrary code by providing a specially crafted long filename argument. This affects users who process untrusted files with Resource Hacker, potentially leading to complete system compromise.

💻 Affected Systems

Products:
  • Resource Hacker
Versions: Version 3.6.0.92 specifically
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Resource Hacker when processing files with long filenames; other software is not affected.

📦 What is this software?

Resource Hacker by Angusj

View all CVEs affecting Resource Hacker →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with SYSTEM/administrator privileges leading to full system compromise, data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Local privilege escalation or arbitrary code execution when processing malicious files, potentially leading to lateral movement within networks.

🟢

If Mitigated

Limited impact if application runs with minimal privileges and in isolated environments, though data corruption or denial of service may still occur.

🌐 Internet-Facing: LOW - Resource Hacker is typically not exposed to internet-facing services, but could be exploited through file uploads or downloads.
🏢 Internal Only: MEDIUM - Higher risk in environments where Resource Hacker is used to process untrusted files from internal sources or shared drives.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to open malicious files; no known public exploits at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 3.6.0.93 or later

Vendor Advisory: https://www.angusj.com/resourcehacker/

Restart Required: No

Instructions:

1. Download latest version from angusj.com/resourcehacker 2. Uninstall old version 3. Install new version 4. Verify version is 3.6.0.93 or higher

🔧 Temporary Workarounds

Restrict File Processing

windows

Limit Resource Hacker to only process trusted files from known sources

Run with Reduced Privileges

windows

Execute Resource Hacker with standard user privileges instead of administrator rights

🧯 If You Can't Patch

  • Uninstall Resource Hacker completely if not required
  • Implement application whitelisting to block Resource Hacker execution

🔍 How to Verify

Check if Vulnerable:

Check Resource Hacker version via Help > About; if version is 3.6.0.92, system is vulnerable

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Verify version is 3.6.0.93 or higher in Help > About dialog

📡 Detection & Monitoring

Log Indicators:

  • Process creation events for Resource Hacker with long command line arguments
  • Application crashes of Resource Hacker

Network Indicators:

  • Unusual outbound connections from Resource Hacker process

SIEM Query:

ProcessName="ResourceHacker.exe" AND (CommandLine CONTAINS "*" OR CommandLine LENGTH > 100)

📊 Metadata

CVE ID: CVE-2024-1112
CVSS v3 Score: 7.3 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-119
Published: January 31, 2024
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-1112, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)
CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)
CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)