Jump to content

Microsoft Internet Explorer Scripting Engine memory corruption vulnerability - CVE-2020-0674


Recommended Posts

Posted (edited)

No patch available and currently being exploited:

Quote

Overview

The Microsoft Internet Explorer Scripting Engine contains a memory corruption vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code.

Description

Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability.

This vulnerability was detected in exploits in the wild.

Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page an email attachment), PDF file, Microsoft Office document, or any other document that supports embedded Internet Explorer scripting engine content, an attacker may be able to execute arbitrary code.

Solution

The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workaround:

Restrict access to jscript.dll

jscript.dll is a library that provides compatibility with a deprecated version of JScript that was released in 2009. Blocking access to this library can prevent exploitation of this and similar vulnerabilities that may be present in this old technology. When Internet Explorer is used to browse the modern web, jscript9.dll is used by default.

https://kb.cert.org/vuls/id/338824/

Edited by itman
  • Most Valued Members
Posted (edited)

Internet Explorer should be blocked through Group Policy in work environments , and for sure not to be used at Home.

Edited by Rami
Posted (edited)
5 hours ago, Rami said:

Internet Explorer should be blocked through Group Policy in work environments

Microsoft's recommendation is the use of IE11 "Enhanced Security Policy." The problem with that is it includes setting the Internet zone protection to High. This pretty much means you have to whitelist all web sites that are used.

Also, standard user account logon is a mitigation since this exploit requires admin privileges.

I applied the recommended command line changes w/o any issues. These basically restrict jscript.dll to standard user privileges.

Edited by itman
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...