Microsoft Internet Explorer scripting engine JScript memory corruption vulnerability

Overview

Microsoft Internet Explorer contains a memory corruption vulnerability in the scripting engine JScript component, which can allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability.

This vulnerability was detected in exploits in the wild.

Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page an email attachment), PDF file, Microsoft Office document, or any other document that supports embedded Internet Explorer scripting engine content, an attacker may be able to execute arbitrary code.

Solution

Apply an update

This issue is addressed in the update for CVE-2018-8653. If you cannot install the update, please consider the following workaround:

 

Restrict access to JScript.dll

According to the update for CVE-2018-8653, this vulnerability can be mitigated by restricting access to the jscript.dll file. This can be accomplished by running the following command in a command prompt that has administrative privileges on 32-bit systems:

takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

On 64-bit Windows platforms, the following command should be used:

takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

According to the Microsoft advisory: By default, IE11, IE10, and IE9 uses Jscript9.dll which is not impacted by this vulnerability. This vulnerability only affects certain websites that utilizes jscript as the scripting engine. As a result, most websites should not be affected by this mitigation. Only sites that explicitly request the use of script decoding with jscript.dll may be affected. Note that Windows Scripting Host uses jscript.dll instead of jscript9.dll. As a result, deploying this mitigation can prevent the use of .JS and other similar stand-alone scripts. The above change can be reverted by running the following command with administrative privileges on a 32-bit Windows system:

cacls %windir%\system32\jscript.dll /E /R everyone

On 64-bit Windows platforms, the following commands should be used:

cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone

CVSS Metrics

GroupScoreVector
Base7.5AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal6.2E:F/RL:OF/RC:C
Environmental6.2CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8653

Other Information

CVE IDs:CVE-2018-8653
Date Public:2018-12-19
Date First Published:2018-12-19
Date Last Updated:2018-12-21 14:26 UTC
Document Revision:23

 

Leave a Reply

Your email address will not be published. Required fields are marked *