IE scripting engine memory corruption vulnerability

Summary

A remote code execution vulnerability affecting the Internet Explorer scripting engine has been discovered and is being exploited in the wild, as disclosed by Clément Lecigne, a member of Google’s Threat Analysis Group. This vulnerability allows an attacker to execute code remotely and take control of a victim’s system.

Description

The vulnerability resides in how the scripting engine manages memory objects in Internet Explorer. The flaw could corrupt memory in a way that an attacker can execute code with the rights of the current user. If the user running Internet Explorer is an administrator, an attacker could gain remote code execution with elevated privileges on the target system.

Affected Systems

Microsoft has released security updates for Internet Explorer versions 9, 10 and 11. The complete list can be found at the following link:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367

Technical Details

The flaw resides in how the scripting engine manages objects in memory in Internet Explorer. The vulnerability allows memory corruption and could lead to arbitrary code execution with the rights of the current user. If the current user is an administrator on the system, an attacker could gain remote code execution with elevated privileges. User interaction is required to exploit the vulnerability. The attacker needs to craft a website designed to exploit the flaw in Internet Explorer and social-engineer a victim into clicking on a link. Another way of exploiting the vulnerability remotely is by sending a malicious email attachment (HTML file, PDF file, Microsoft Office document) that supports embedding the scripting engine content.

Reported Impact

If exploited, the vulnerability could allow a remote attacker to take complete control of a victim system, affecting confidentiality, availability and integrity. Microsoft has assigned two different CVSS scores for this flaw, the first one for desktop operating systems and the second for servers:

• 7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

• 6.4 (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)

Recommendation

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. Apply the official security updates from Microsoft:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367

As a workaround, Microsoft has provided mitigations for 32-bit and 64-bit systems by restricting access to the JScript.dll file. An administrator can restrict access by executing specific commands (available at the end of the above link). However, these mitigations should only be applied temporarily until patching is feasible.
