Jump to content

Microsoft Internet Explorer Scripting Engine memory corruption vulnerability - CVE-2020-0674

itman

By itman
in General Discussion

 Share

Recommended Posts

itman

itman 1,659

Posted
Posted (edited)

No patch available and currently being exploited:

Quote

Overview

The Microsoft Internet Explorer Scripting Engine contains a memory corruption vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code.

Description

Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability.

This vulnerability was detected in exploits in the wild.

Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page an email attachment), PDF file, Microsoft Office document, or any other document that supports embedded Internet Explorer scripting engine content, an attacker may be able to execute arbitrary code.

Solution

The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workaround:

Restrict access to jscript.dll

jscript.dll is a library that provides compatibility with a deprecated version of JScript that was released in 2009. Blocking access to this library can prevent exploitation of this and similar vulnerabilities that may be present in this old technology. When Internet Explorer is used to browse the modern web, jscript9.dll is used by default.

https://kb.cert.org/vuls/id/338824/

Edited by itman
Link to comment
Share on other sites
  • Most Valued Members
Nightowl

Nightowl 202

Posted
  • Most Valued Members
Posted (edited)

Internet Explorer should be blocked through Group Policy in work environments , and for sure not to be used at Home.

Edited by Rami
Link to comment
Share on other sites
itman

itman 1,659

Posted
  • Author
Posted (edited)
5 hours ago, Rami said:

Internet Explorer should be blocked through Group Policy in work environments

Microsoft's recommendation is the use of IE11 "Enhanced Security Policy." The problem with that is it includes setting the Internet zone protection to High. This pretty much means you have to whitelist all web sites that are used.

Also, standard user account logon is a mitigation since this exploit requires admin privileges.

I applied the recommended command line changes w/o any issues. These basically restrict jscript.dll to standard user privileges.

Edited by itman
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...