AttackerKB AKB:25996325-FA5B-4DD4-ACED-28622F416D0A
Jul 16, 2021 - 12:00 a.m.

CVE-2021-34448

2021-07-16 00:00:00
attackerkb.com

CVSS3: 8.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 9.3 High

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.159 Low
Percentile: 95.3%

Scripting Engine Memory Corruption Vulnerability

Recent assessments:

gwillcox-r7 at July 14, 2021 5:02pm UTC reported:

Looking at Microsoft’s advisory at <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34448> shows very little information other than that this is a scripting engine vulnerability which is exploitable across a wide range of Windows OS versions and is exploitable remotely. Further investigation though shows that Cisco Talos at <https://blog.talosintelligence.com/2021/07/microsoft-patch-tuesday-for-july-2021.html> mentions that this vulnerability is a memory corruption vulnerability triggered when opening a maliciously crafted email or visiting a malicious website.

Further examination of <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34448> using the Download column (which is not enabled by default but can be added) shows several references to IE Cumulative Update which suggests this is potentially an IE related vulnerability. Further examination of past advisories named in the same way like <https://msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-0224> shows that IE scripting engine vulnerabilities are also referenced using the same style of language, so it would seem this is a memory corruption vulnerability within IE’s scripting engine.

Users should ideally apply patches to fix this issue given it has been exploited in the wild already, however if this is not possible then users should disable JavaScript in their browsers as most scripting engine vulnerabilities rely on taking advantage of flaws in the JavaScript engine of a given browser, which requires the browser to have JavaScript enabled in the first place. Note that this will break the operation of most sites so patching is preferred where possible.

Assessed Attacker Value: 4
Assessed Attacker Value: 3
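
One way to verify the fallback described in the assessment on hosts that still run Internet Explorer, as an added example that is not part of the original assessment: a read-only PowerShell audit of the Active Scripting setting (URL action 1400) in each IE security zone. The lookup order across the policy and preference hives is a simplifying assumption, and the function and variable names are illustrative.

```powershell
# Added example: report whether Active Scripting (URL action 1400) is disabled
# in each Internet Explorer security zone. Read-only; it changes nothing.

$zoneNames = 'My Computer', 'Local Intranet', 'Trusted Sites', 'Internet', 'Restricted Sites'
$states    = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Assumption: the first hive that defines the value wins, policy before preference.
# The Security_HKLM_only policy switch is not evaluated here.
$suffix  = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$sources = @(
    @{ Name = 'Machine policy';  Path = "HKLM:\SOFTWARE\Policies\$suffix" }
    @{ Name = 'User policy';     Path = "HKCU:\Software\Policies\$suffix" }
    @{ Name = 'User setting';    Path = "HKCU:\Software\$suffix" }
    @{ Name = 'Machine default'; Path = "HKLM:\SOFTWARE\$suffix" }
)

function Get-ActiveScriptingState {
    foreach ($zone in 0..4) {
        $hit = $null
        foreach ($src in $sources) {
            $key = "$($src.Path)\$zone"
            $val = (Get-ItemProperty -Path $key -Name '1400' -ErrorAction SilentlyContinue).'1400'
            if ($null -ne $val) {
                $hit = @{ Source = $src.Name; Value = [int]$val }
                break
            }
        }
        $state = 'not set'
        if ($hit) {
            $state = $states[$hit.Value]
            if (-not $state) { $state = "other ($($hit.Value))" }
        }
        [pscustomobject]@{
            Zone   = "$zone ($($zoneNames[$zone]))"
            Source = if ($hit) { $hit.Source } else { '-' }
            State  = $state
        }
    }
}

$report = Get-ActiveScriptingState
$report | Format-Table -AutoSize

# Zones 3 (Internet) and 4 (Restricted Sites) are where untrusted content is rendered.
$report | Where-Object { $_.Zone -match '^[34] ' -and $_.State -ne 'Disabled' } |
    ForEach-Object { Write-Warning "Active Scripting is not disabled in zone $($_.Zone)" }
```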
