IE scripting engine memory corruption vulnerability
A remote code execution vulnerability affecting Internet Explorer scripting engine has been discovered and is being exploited in the wild as disclosed by Clément Lecigne, a member of Google’s Threat Analysis Group. This vulnerability allows an attacker to execute code remotely and take control of a victim’s system.
The vulnerability resides in how the scripting engine manages memory objects in Internet Explorer. The flaw could corrupt memory in a way that an attacker can execute code with the rights of the current user. If the user running Internet Explorer is an administrator, an attacker could gain remote code execution with elevated privileges on the target system.
Microsoft has released security updates for Internet Explorer versions 9, 10 and 11. The complete list can be found in the following link:
The flaw resides in how the scripting engine manages objects in memory in Internet Explorer. The vulnerability allows memory corruption and could lead to arbitrary code execution with the rights of the current user. If the current user is an administrator in the system, an attacker could gain remote code execution with elevated privileges. User interaction is required to exploit the vulnerability. The attacker needs to craft a website designed to exploit the flaw on Internet Explorer and social engineer a victim to click on a link. Another way of exploiting the vulnerability remotely is by sending a malicious email attachment (HTML file, PDF file, Microsoft Office document) that supports embedding the scripting engine content.
If exploited, the vulnerability could allow a remote attacker to take complete control of a victim system, affecting confidentiality, availability and integrity. Microsoft has assigned two different CVSS scores for this flaw, the first one for desktop operating systems and the second for servers:
• 7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
• 6.4 (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory. Apply the official security updates from Microsoft:
As a workaround, Microsoft has provided mitigations for 32-bit and 64-bit systems by restricting access to the JScript.dll file. An administrator can restrict access by executing specific commands (available at the end of the above link). However, these mitigations should only be applied temporarily until patching is feasible.