CERTVU:573168
Dec 19, 2018 - 12:00 a.m.

Microsoft Internet Explorer scripting engine JScript memory corruption vulnerability

2018-12-19 00:00:00
www.kb.cert.org

CVSS2: 7.6 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.051 Low
Percentile: 93.0%

Overview

Microsoft Internet Explorer contains a memory corruption vulnerability in the scripting engine JScript component, which can allow a remote attacker to execute arbitrary code on a vulnerable system.

Description

Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability.

This vulnerability was detected in exploits in the wild.


Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page or an email attachment), PDF file, Microsoft Office document, or any other document that supports embedded Internet Explorer scripting engine content, an attacker may be able to execute arbitrary code.


Solution

Apply an update

This issue is addressed in the update for CVE-2018-8653. If you cannot install the update, please consider the following workaround:


Restrict access to JScript.dll

According to the update for CVE-2018-8653, this vulnerability can be mitigated by restricting access to the jscript.dll file. This can be accomplished by running the following command in a command prompt that has administrative privileges on 32-bit systems:

takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

On 64-bit Windows platforms, the following commands should be used:

takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

According to the Microsoft advisory: By default, IE11, IE10, and IE9 use Jscript9.dll, which is not impacted by this vulnerability. This vulnerability only affects certain websites that utilize jscript as the scripting engine.

As a result, most websites should not be affected by this mitigation. Only sites that explicitly request the use of script decoding with jscript.dll may be affected. Note that Windows Scripting Host uses jscript.dll instead of jscript9.dll. As a result, deploying this mitigation can prevent the use of .JS and other similar stand-alone scripts.

The above change can be reverted by running the following command with administrative privileges on a 32-bit Windows system:

cacls %windir%\system32\jscript.dll /E /R everyone
On 64-bit Windows platforms, the following commands should be used:

cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone
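
To confirm whether the workaround above is in place on a host, or has been reverted, the ACL on each copy of jscript.dll can be audited. The following is an added example, not code from CERT/CC or Microsoft; the function name Get-JScriptAclState is hypothetical, and it assumes that `cacls ... /E /P everyone:N` leaves an explicit Deny entry for Everyone on the file.

```powershell
# Added audit example; not CERT/CC or Microsoft code.
# Run from an elevated 64-bit PowerShell: a 32-bit host silently redirects
# system32 to syswow64, so both checks would hit the same file.
$targets = @("$env:windir\system32\jscript.dll")
if ([Environment]::Is64BitOperatingSystem) {
    $targets += "$env:windir\syswow64\jscript.dll"
}

function Get-JScriptAclState {
    param([Parameter(Mandatory)][string[]]$Path)
    foreach ($p in $Path) {
        $state = 'NotMitigated'; $detail = $null
        if (-not (Test-Path -LiteralPath $p)) {
            $state = 'FileNotFound'
        } else {
            try {
                $acl = Get-Acl -LiteralPath $p -ErrorAction Stop
                # Resolve trustees to SIDs so the match does not depend on a
                # localized name for "Everyone" (well-known SID S-1-1-0).
                $rules = $acl.GetAccessRules($true, $true,
                    [System.Security.Principal.SecurityIdentifier])
                # Assumption: "cacls /E /P everyone:N" leaves an explicit
                # Deny entry for Everyone on the file.
                $deny = @($rules | Where-Object {
                    $_.IdentityReference.Value -eq 'S-1-1-0' -and
                    $_.AccessControlType -eq 'Deny' })
                if ($deny.Count -gt 0) {
                    $state  = 'Mitigated'
                    $detail = ($deny.FileSystemRights | Select-Object -Unique) -join '; '
                }
            } catch {
                # A deny-all entry can also block reading the ACL for any
                # account other than the file owner (the account that ran
                # takeown), so report the error instead of guessing.
                $state  = 'AclUnreadable'
                $detail = $_.Exception.Message
            }
        }
        [pscustomobject]@{ Path = $p; State = $state; Detail = $detail }
    }
}

Get-JScriptAclState -Path $targets | Format-Table -AutoSize
```

A state of AclUnreadable on a host where the workaround was deployed usually means the audit ran under a different account than the one that took ownership of the file.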

Vendor Information


Microsoft Affected

Updated: December 19, 2018

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

CVSS Metrics

Group          Score  Vector
Base           7.5    AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal       6.2    E:F/RL:OF/RC:C
Environmental  6.2    CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8653>

Acknowledgements

This vulnerability was disclosed by Microsoft, who in turn credit Clement Lecigne of Google’s Threat Analysis Group.

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2018-8653
Date Public: 2018-12-19 Date First Published:
