Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
The scripting engine in the Internet Explorer is vulnerable to remote code execution attacks due to memory corruption.
The scripting engine when handling objects in memory in the Internet Explorer is vulnerable to a Remote Code Execution attack. The attacks involve specially crafted web pages promoted through social engineering. Patched versions have been released by the vendor.
In the Internet Explorer, the handling of objects by the scripting engine in memory is vulnerable to a remote code execution attack. In case of a successful attack, an attacker could execute arbitrary code in the context of the current user, acquiring all the user privileges associated with the user. In case the current user has administrative privileges, the whole system could be taken over by the attacker.
In a web-based attack scenario that may involve social engineering, the attack is possible via a specially designed website meant to exploit the vulnerability in the internet explorer. An attacker can also take advantage of compromised websites or websites that deal with advertisements and user-provided content. These websites can be specially designed with the motive of exploiting this vulnerability.
Microsoft Internet Explorer version 11 and earlier are vulnerable to a use-after-free vulnerability that can be exploited in remote code execution attacks. This may hand over elevated user privileges of the system to an attacker, who is then able to install programs; view, modify, or delete data; or create new accounts with full user rights. Proof-of-concept (PoC) code is publicly available and Microsoft has seen exploitation in the wild.
An attacker would need to use a specially crafted web page to exploit this vulnerability. The target audience is convinced to visit the page via social engineering techniques, after which some file on the page drops payloads on the system to execute a remote code.
It is also possible for an attacker to embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine. The system may crash during the exploitation attempt.
When this vulnerability is triggered, it causes a ‘use after free’ condition in vbscript!AssignVar. This highly critical vulnerability has been addressed in the August updates by Microsoft.
Microsoft reports that the following products and versions are vulnerable.
The vendor has released updates for the affected products. Please follow this link for downloading the relevant updates.
https://portal.msrc.microsoft.com/en–US/security–guidance/advisory/CVE–2018–8373
If you think you are a victim of a cyber-security attack. Immediately send an email to info@rewterz.com for a rapid response.