Jump to content

Archived

This topic is now archived and is closed to further replies.

itman

Microsoft Internet Explorer Scripting Engine memory corruption vulnerability - CVE-2020-0674

Recommended Posts

No patch available and currently being exploited:

Quote

Overview

The Microsoft Internet Explorer Scripting Engine contains a memory corruption vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code.

Description

Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability.

This vulnerability was detected in exploits in the wild.

Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page an email attachment), PDF file, Microsoft Office document, or any other document that supports embedded Internet Explorer scripting engine content, an attacker may be able to execute arbitrary code.

Solution

The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workaround:

Restrict access to jscript.dll

jscript.dll is a library that provides compatibility with a deprecated version of JScript that was released in 2009. Blocking access to this library can prevent exploitation of this and similar vulnerabilities that may be present in this old technology. When Internet Explorer is used to browse the modern web, jscript9.dll is used by default.

https://kb.cert.org/vuls/id/338824/

Share this post


Link to post
Share on other sites

Internet Explorer should be blocked through Group Policy in work environments , and for sure not to be used at Home.

Share this post


Link to post
Share on other sites
5 hours ago, Rami said:

Internet Explorer should be blocked through Group Policy in work environments

Microsoft's recommendation is the use of IE11 "Enhanced Security Policy." The problem with that is it includes setting the Internet zone protection to High. This pretty much means you have to whitelist all web sites that are used.

Also, standard user account logon is a mitigation since this exploit requires admin privileges.

I applied the recommended command line changes w/o any issues. These basically restrict jscript.dll to standard user privileges.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...