A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
A web based attack scenario would be, that the attacker would convince the user to view a document that supports
embedded Internet Explorer scripting engine content (for e.g, PDF file, MS Office document, email attachment) or any other document that supports scripting engine content format. When the user opens the document, arbitrary code will be executed on the target device.
Memory corruption, Arbitrary code execution on target device, System access
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
This vulnerability can be mitigated by restricting access to the jscript.dll file, and this can be done by the user in the
command prompt with administrative rights.
For 32-bit systems:
cacls %windir%\system32\jscript.dll /E /P everyone:N
For 64-bit systems:
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
Note: This only affects websites that utilizes jscript as scripting engines. Only sites that explicitly request the script decoding with jscript.dll may be affected.
Users who have enabled windows update are protected automatically.
Users who havent’t enabled updates are requested to do it manually for windows 10 and earlier versions.
Do not follow links provided by unknown or un-trusted sources.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Run all software as non-privileged user with minimal access rights.