| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2024-5274 | Google Chromium V8 Type Confusion Vulnerability | primary_impact | T1203 | Exploitation for Client Execution |
Comments
This vulnerability is exploited by the hosting of malicious content on a website. Adversaries use this to deliver an information-stealing payload within Chrome.
References
|
| CVE-2024-5274 | Google Chromium V8 Type Confusion Vulnerability | exploitation_technique | T1189 | Drive-by Compromise |
Comments
This vulnerability is exploited by the hosting of malicious content on a website. Adversaries use this to deliver an information-stealing payload within Chrome.
References
|
| CVE-2017-11292 | Adobe Flash Player Type Confusion Vulnerability | secondary_impact | T1005 | Data from Local System |
Comments
This vulnerability is exploited using a malicious-crafted word document attached to spearphishing emails. Adversaries have been seen to leverage this to install exploit code from their command & control server. This malware then performs data collection on the target systems.
References
|
| CVE-2017-11292 | Adobe Flash Player Type Confusion Vulnerability | primary_impact | T1105 | Ingress Tool Transfer |
Comments
This vulnerability is exploited using a malicious-crafted word document attached to spearphishing emails. Adversaries have been seen to leverage this to install exploit code from their command & control server. This malware then performs data collection on the target systems.
References
|
| CVE-2017-11292 | Adobe Flash Player Type Confusion Vulnerability | exploitation_technique | T1566.001 | Spearphishing Attachment |
Comments
This vulnerability is exploited using a malicious-crafted word document attached to spearphishing emails. Adversaries have been seen to leverage this to install exploit code from their command & control server. This malware then performs data collection on the target systems.
References
|
| CVE-2017-11292 | Adobe Flash Player Type Confusion Vulnerability | exploitation_technique | T1204.002 | Malicious File |
Comments
This vulnerability is exploited using a malicious-crafted word document attached to spearphishing emails. Adversaries have been seen to leverage this to install exploit code from their command & control server. This malware then performs data collection on the target systems.
References
|
| CVE-2024-4947 | Google Chromium V8 Type Confusion Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE-2024-4947 is a type confusion vulnerability in Chrome's V8 JavaScript engine.
Adversaries have been observed exploiting this vulnerability by hosting a web-based game on a site that triggered the vulnerability and executed arbitrary code.
Adversaries promoted the game on social media and through emails.
References
|
| CVE-2024-4947 | Google Chromium V8 Type Confusion Vulnerability | exploitation_technique | T1189 | Drive-by Compromise |
Comments
CVE-2024-4947 is a type confusion vulnerability in Chrome's V8 JavaScript engine.
Adversaries have been observed exploiting this vulnerability by hosting a web-based game on a site that triggered the vulnerability and executed arbitrary code.
Adversaries promoted the game on social media and through emails.
References
|
| Capability ID | Capability Name | Number of Mappings |
|---|---|---|
| CVE-2024-4947 | Google Chromium V8 Type Confusion Vulnerability | 2 |
| CVE-2017-11292 | Adobe Flash Player Type Confusion Vulnerability | 4 |
| CVE-2024-5274 | Google Chromium V8 Type Confusion Vulnerability | 2 |