CVE-2024-4978

8.4 HIGH

📋 TL;DR

CVE-2024-4978 is a supply chain attack in which the installer Justice AV Solutions Viewer Setup 8.3.7.250-1 ships a malicious binary signed with an unexpected Authenticode signature. It allows remote, privileged threat actors to execute unauthorized PowerShell commands. Organizations running this specific version of Justice AV Solutions Viewer are affected.

💻 Affected Systems

Products:
  • Justice AV Solutions Viewer
Versions: 8.3.7.250-1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only this specific version contains the malicious binary. Earlier or later versions may be safe.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case
Complete system compromise with remote code execution, data exfiltration, lateral movement across networks, and persistent backdoor installation.

🟠 Likely Case
Unauthorized PowerShell command execution leading to data theft, credential harvesting, or deployment of additional malware.

🟢 If Mitigated
Limited impact with proper endpoint protection, application allowlisting, and network segmentation preventing command execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the malicious binary to be executed, typically through installation of the compromised software package.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Remove version 8.3.7.250-1 and install a clean version from the vendor

Vendor Advisory: https://www.javs.com/downloads/

Restart Required: Yes

Instructions:

1. Uninstall Justice AV Solutions Viewer 8.3.7.250-1 completely
2. Download fresh installer from official vendor site
3. Install clean version
4. Verify digital signatures match expected vendor certificates

🔧 Temporary Workarounds

Block PowerShell Execution

Restrict PowerShell execution through Group Policy or application control. Note that the execution policy below only governs script files and is not a security boundary (it does not stop an interactive session or a -Command invocation), so pair it with application control rather than relying on it alone.

Set-ExecutionPolicy -ExecutionPolicy Restricted -Scope LocalMachine

Application Allowlisting

Configure Windows Defender Application Control to only allow trusted applications

🧯 If You Can't Patch

  • Immediately isolate affected systems from network
  • Perform forensic analysis to check for compromise indicators

🔍 How to Verify

Check if Vulnerable:

Check the installed version of Justice AV Solutions Viewer. If the version is 8.3.7.250-1, the system is vulnerable.

Check Version:

Get-CimInstance -ClassName Win32_Product | Where-Object {$_.Name -like '*Justice AV*'} | Select-Object Name, Version

Verify Fix Applied:

Confirm that the installed Justice AV Solutions Viewer is not version 8.3.7.250-1 and that the digital signatures of its binaries match the expected vendor certificates.
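The two checks above (installed version, then Authenticode signer of every shipped binary) as one added PowerShell script; this is example code, not from the advisory or the vendor. The install directory, the expected signer name and the registry form of the version string are assumptions, so confirm them against a known-clean installer.

```powershell
# Added example: report the installed JAVS Viewer version and flag any binary whose
# Authenticode signature is missing, invalid, or issued to an unexpected signer.
param(
    [string]$InstallDir     = "$env:ProgramFiles\Justice AV Solutions",  # assumed path
    [string]$ExpectedSigner = 'Justice AV Solutions',                    # assumed CN substring
    [string]$BadVersion     = '8.3.7.250'   # advisory names 8.3.7.250-1; registry may omit the suffix
)

# 1. Version check via the Uninstall registry keys (faster than Win32_Product and
#    does not trigger MSI consistency checks).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Justice AV*' }

foreach ($app in $installed) {
    $flag = if ($app.DisplayVersion -like "$BadVersion*") { 'VULNERABLE' } else { 'ok' }
    Write-Output ('[{0}] {1} {2}' -f $flag, $app.DisplayName, $app.DisplayVersion)
}

# 2. Signature check. A *valid* signature from the wrong signer is the condition the
#    advisory describes, so it is reported separately from an invalid or missing one.
if (Test-Path $InstallDir) {
    Get-ChildItem -Path $InstallDir -Recurse -Include *.exe, *.dll -File |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            $status = if ($sig.Status -ne 'Valid') { 'BAD-SIG' }
                      elseif ($signer -notlike "*CN=$ExpectedSigner*") { 'UNEXPECTED-SIGNER' }
                      else { 'ok' }
            [pscustomobject]@{ Status = $status; File = $_.FullName; Signer = $signer }
        } | Sort-Object Status | Format-Table -AutoSize
} else {
    Write-Output "Install directory $InstallDir not found (adjust -InstallDir)."
}
```

Any row marked UNEXPECTED-SIGNER or BAD-SIG should be treated as a compromise indicator and handled under the isolation and forensic steps listed above.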

📡 Detection & Monitoring

Log Indicators:

  • Unexpected PowerShell execution from Justice AV Viewer process
  • Authenticode signature validation failures for javs binaries
  • Process creation events for suspicious commands

Network Indicators:

  • Outbound connections from Justice AV Viewer to unexpected destinations
  • DNS queries for command and control domains

SIEM Query:

source="windows" (process_name="powershell.exe" AND parent_process="*JusticeAV*") OR (event_id="4688" AND process_name="*javs*" AND command_line="*powershell*")
