Overview
Microsoft Internet Explorer contains a memory corruption vulnerability in the scripting engine JScript component, which can allow a remote attacker to execute arbitrary code on a vulnerable system.
Description
Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability. This vulnerability was detected in exploits in the wild. |
Impact
By convincing a user to view a specially crafted HTML document (e.g., a web page an email attachment), PDF file, Microsoft Office document, or any other document that supports embedded Internet Explorer scripting engine content, an attacker may be able to execute arbitrary code. |
Solution
Apply an update This issue is addressed in the update for CVE-2018-8653. If you cannot install the update, please consider the following workaround: |
Restrict access to JScript.dll According to the update for CVE-2018-8653, this vulnerability can be mitigated by restricting access to the jscript.dll file. This can be accomplished by running the following command in a command prompt that has administrative privileges on 32-bit systems: takeown /f %windir%\system32\jscript.dll On 64-bit Windows platforms, the following command should be used: takeown /f %windir%\syswow64\jscript.dll According to the Microsoft advisory: By default, IE11, IE10, and IE9 uses Jscript9.dll which is not impacted by this vulnerability. This vulnerability only affects certain websites that utilizes jscript as the scripting engine. As a result, most websites should not be affected by this mitigation. Only sites that explicitly request the use of script decoding with jscript.dll may be affected. Note that Windows Scripting Host uses jscript.dll instead of jscript9.dll. As a result, deploying this mitigation can prevent the use of .JS and other similar stand-alone scripts. The above change can be reverted by running the following command with administrative privileges on a 32-bit Windows system: cacls %windir%\system32\jscript.dll /E /R everyone On 64-bit Windows platforms, the following commands should be used: cacls %windir%\system32\jscript.dll /E /R everyone |
CVSS Metrics
Group | Score | Vector |
Base | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Temporal | 6.2 | E:F/RL:OF/RC:C |
Environmental | 6.2 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
References
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8653
Other Information
CVE IDs: | CVE-2018-8653 |
Date Public: | 2018-12-19 |
Date First Published: | 2018-12-19 |
Date Last Updated: | 2018-12-21 14:26 UTC |
Document Revision: | 23 |