1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Type Confusion Capability Group

Known Exploited Vulnerabilities Type Confusion Capability Group

All Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2024-5274 Google Chromium V8 Type Confusion Vulnerability primary_impact T1203 Exploitation for Client Execution
Comments
This vulnerability is exploited by the hosting of malicious content on a website. Adversaries use this to deliver an information-stealing payload within Chrome.
References
  1. https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/
CVE-2024-5274 Google Chromium V8 Type Confusion Vulnerability exploitation_technique T1189 Drive-by Compromise
Comments
This vulnerability is exploited by the hosting of malicious content on a website. Adversaries use this to deliver an information-stealing payload within Chrome.
References
  1. https://blog.google/threat-analysis-group/state-backed-attackers-and-commercial-surveillance-vendors-repeatedly-use-the-same-exploits/
CVE-2024-4947 Google Chromium V8 Type Confusion Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2024-4947 is a type confusion vulnerability in Chrome's V8 JavaScript engine. Adversaries have been observed exploiting this vulnerability by hosting a web-based game on a site that triggered the vulnerability and executed arbitrary code. Adversaries promoted the game on social media and through emails.
References
  1. https://socradar.io/lazarus-exploits-google-chrome-zero-day-to-steal-cryptocurrency-in-detankzone-campaign-cve-2024-4947/
CVE-2024-4947 Google Chromium V8 Type Confusion Vulnerability exploitation_technique T1189 Drive-by Compromise
Comments
CVE-2024-4947 is a type confusion vulnerability in Chrome's V8 JavaScript engine. Adversaries have been observed exploiting this vulnerability by hosting a web-based game on a site that triggered the vulnerability and executed arbitrary code. Adversaries promoted the game on social media and through emails.
References
  1. https://socradar.io/lazarus-exploits-google-chrome-zero-day-to-steal-cryptocurrency-in-detankzone-campaign-cve-2024-4947/
CVE-2017-11292 Adobe Flash Player Type Confusion Vulnerability exploitation_technique T1204.002 Malicious File
Comments
This vulnerability is exploited using a malicious-crafted word document attached to spearphishing emails. Adversaries have been seen to leverage this to install exploit code from their command & control server. This malware then performs data collection on the target systems.
References
  1. https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed
CVE-2017-11292 Adobe Flash Player Type Confusion Vulnerability exploitation_technique T1566.001 Spearphishing Attachment
Comments
This vulnerability is exploited using a malicious-crafted word document attached to spearphishing emails. Adversaries have been seen to leverage this to install exploit code from their command & control server. This malware then performs data collection on the target systems.
References
  1. https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed
CVE-2017-11292 Adobe Flash Player Type Confusion Vulnerability secondary_impact T1005 Data from Local System
Comments
This vulnerability is exploited using a malicious-crafted word document attached to spearphishing emails. Adversaries have been seen to leverage this to install exploit code from their command & control server. This malware then performs data collection on the target systems.
References
  1. https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed
CVE-2017-11292 Adobe Flash Player Type Confusion Vulnerability primary_impact T1105 Ingress Tool Transfer
Comments
This vulnerability is exploited using a malicious-crafted word document attached to spearphishing emails. Adversaries have been seen to leverage this to install exploit code from their command & control server. This malware then performs data collection on the target systems.
References
  1. https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed
CVE-2025-6554 Google Chromium V8 Type Confusion Vulnerability exploitation_technique T1203 Exploitation for Client Execution
Comments
Victims are tricked into visiting malicious web pages crafted to trigger memory corruption, which can lead to arbitrary code execution.
References
  1. https://www.secpod.com/blog/google-issues-emergency-fix-for-actively-exploited-chrome-zero-day-cve-2025-6554/
  2. https://thehackernews.com/2025/07/google-patches-critical-zero-day-flaw.html https://www.menlosecurity.com/blog/chrome-zero-day-why-browser-security-is-no-longer-optional?utm_source=feedly
CVE-2025-6554 Google Chromium V8 Type Confusion Vulnerability exploitation_technique T1189 Drive-by Compromise
Comments
Victims are tricked into visiting malicious web pages crafted to trigger memory corruption, which can lead to arbitrary code execution.
References
  1. https://www.secpod.com/blog/google-issues-emergency-fix-for-actively-exploited-chrome-zero-day-cve-2025-6554/
  2. https://thehackernews.com/2025/07/google-patches-critical-zero-day-flaw.html https://www.menlosecurity.com/blog/chrome-zero-day-why-browser-security-is-no-longer-optional?utm_source=feedly
CVE-2025-6554 Google Chromium V8 Type Confusion Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
Victims are tricked into visiting malicious web pages crafted to trigger memory corruption, which can lead to arbitrary code execution.
References
  1. https://www.secpod.com/blog/google-issues-emergency-fix-for-actively-exploited-chrome-zero-day-cve-2025-6554/
  2. https://thehackernews.com/2025/07/google-patches-critical-zero-day-flaw.html https://www.menlosecurity.com/blog/chrome-zero-day-why-browser-security-is-no-longer-optional?utm_source=feedly
CVE-2025-30397 Microsoft Windows Scripting Engine Type Confusion Vulnerability exploitation_technique T1203 Exploitation for Client Execution
Comments
This vulnerability has enabled attackers to use heap spraying techniques to trigger a memory corruption, allowing them to execute code remotely.
References
  1. https://github.com/mbanyamer/CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Free-
CVE-2025-30397 Microsoft Windows Scripting Engine Type Confusion Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
This vulnerability has enabled attackers to use heap spraying techniques to trigger a memory corruption, allowing them to execute code remotely.
References
  1. https://github.com/mbanyamer/CVE-2025-30397---Windows-Server-2025-JScript-RCE-Use-After-Free-

Capabilities

Capability ID Capability Name Number of Mappings
CVE-2025-30397 Microsoft Windows Scripting Engine Type Confusion Vulnerability 2
CVE-2024-4947 Google Chromium V8 Type Confusion Vulnerability 2
CVE-2025-6554 Google Chromium V8 Type Confusion Vulnerability 3
CVE-2017-11292 Adobe Flash Player Type Confusion Vulnerability 4
CVE-2024-5274 Google Chromium V8 Type Confusion Vulnerability 2