CVE-2024-28099

7.8 HIGH

📋 TL;DR

This vulnerability in VT STUDIO allows attackers to execute arbitrary code by exploiting insecure DLL loading. It affects users of VT STUDIO version 8.32 and earlier, potentially leading to system compromise if the application is tricked into loading a malicious DLL.

💻 Affected Systems

Products:
  • VT STUDIO
Versions: 8.32 and earlier
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is present in default installations; exploitation may require placing a malicious DLL in a specific path accessible to the application.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with the privileges of the VT STUDIO application, potentially leading to data theft, ransomware deployment, or lateral movement in a network.

🟠

Likely Case

Local privilege escalation or code execution on systems where VT STUDIO is installed, often requiring user interaction like opening a malicious file.

🟢

If Mitigated

Limited impact if application runs with minimal privileges and in isolated environments, reducing the scope of potential damage.

🌐 Internet-Facing: LOW, as exploitation typically requires local access or user interaction, not direct internet exposure.
🏢 Internal Only: MEDIUM, due to potential for lateral movement in internal networks if exploited via shared files or compromised systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires local access or social engineering to place a malicious DLL; no public proof-of-concept has been disclosed as of the provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 8.33 or later

Vendor Advisory: https://www.keyence.com/vt_vulnerability240329_en

Restart Required: Yes

Instructions:

1. Download the latest version of VT STUDIO from the official Keyence website.
2. Install the update following the vendor's instructions.
3. Restart the system to ensure changes take effect.

🔧 Temporary Workarounds

Restrict DLL Search Path

Modify system or application settings to limit where DLLs can be loaded from, reducing the risk of malicious DLL injection.

Use Windows Group Policy or registry settings to set SafeDllSearchMode or DLL search order restrictions.

🧯 If You Can't Patch

  • Run VT STUDIO with minimal user privileges to limit potential damage from code execution.
  • Isolate VT STUDIO installations on segmented networks to prevent lateral movement if compromised.

🔍 How to Verify

Check if Vulnerable:

Check the VT STUDIO version in the application's help or about menu; if it is 8.32 or earlier, it is vulnerable.

Check Version:

Not applicable; check via the VT STUDIO application interface as there is no standard command-line version check.

Verify Fix Applied:

After updating, confirm the version is 8.33 or later in the application's help or about menu.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from VT STUDIO (e.g., Security Event ID 4688) or unexpected DLL loads by VT STUDIO (e.g., Sysmon image-load events) in Windows event logs.

Network Indicators:

  • Outbound connections from VT STUDIO to unknown IPs, which may indicate command-and-control activity post-exploitation.

SIEM Query:

Example for Splunk: source="WinEventLog:Security" EventCode=4688 ProcessName="*VT STUDIO*" | stats count by CommandLine
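
As an added example (not part of the advisory or any vendor tooling), the "unexpected DLL loads" indicator above can be checked by filtering Sysmon Event ID 7 (image load) records for DLLs that the process loaded from outside its own install directory and the Windows system directories. The executable name, install path and sample events are constructed placeholders.

```python
from pathlib import PureWindowsPath

# Assumptions, not from the advisory: the executable name and all sample paths.
TARGET_EXE = "vtstudio-placeholder.exe"  # hypothetical; use the real image name
SYSTEM_DIRS = [PureWindowsPath(p) for p in (
    r"C:\Windows\System32", r"C:\Windows\SysWOW64", r"C:\Windows\WinSxS")]

def _inside(path, directory):
    # PureWindowsPath compares case-insensitively, like Windows paths by default.
    return path == directory or directory in path.parents

def suspicious_loads(events, target_exe=TARGET_EXE):
    """Return (dll_path, signed) for DLLs the target loaded from outside its
    own install directory and the Windows system directories."""
    findings = []
    for ev in events:
        image = PureWindowsPath(ev["Image"])
        if image.name.lower() != target_exe.lower():
            continue  # event belongs to some other process
        dll = PureWindowsPath(ev["ImageLoaded"])
        allowed = [image.parent, *SYSTEM_DIRS]
        if not any(_inside(dll, d) for d in allowed):
            signed = ev.get("Signed", "false").lower() == "true"
            findings.append((str(dll), signed))
    return findings

# Constructed Sysmon Event ID 7 records, reduced to the three fields used here.
APP = r"C:\Program Files\ExampleInstallDir"
SAMPLE_EVENTS = [
    {"Image": APP + r"\vtstudio-placeholder.exe",
     "ImageLoaded": r"C:\WINDOWS\system32\version.dll", "Signed": "true"},
    {"Image": APP + r"\vtstudio-placeholder.exe",
     "ImageLoaded": APP + r"\plugins\helper.dll", "Signed": "false"},
    {"Image": APP + r"\vtstudio-placeholder.exe",
     "ImageLoaded": r"C:\Users\operator\Documents\project\version.dll",
     "Signed": "false"},
    {"Image": r"C:\Tools\other.exe",
     "ImageLoaded": r"C:\Users\operator\Downloads\x.dll", "Signed": "false"},
]

if __name__ == "__main__":
    for dll, signed in suspicious_loads(SAMPLE_EVENTS):
        print(f"review: {dll} (signed={signed})")
```

Sysmon records image loads only when its configuration enables ImageLoad logging. An unsigned hit from a user-writable directory is the first thing to review.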
