March 22, 2024
Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]
Rewterz Threat Advisory – Malware Controlled Through Command-containing memes on Twitter
December 19, 2018
Rewterz Threat Advisory – CVE-2018-2815 – Multiple F5 Java products, DoS vulnerability
December 20, 2018
Rewterz Threat Advisory – Malware Controlled Through Command-containing memes on Twitter
December 19, 2018
Rewterz Threat Advisory – CVE-2018-2815 – Multiple F5 Java products, DoS vulnerability
December 20, 2018
SEVERITY: High
CATEGORY: Vulnerability
ANALYSIS SUMMARY:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
A web based attack scenario would be, that the attacker would convince the user to view a document that supports
embedded Internet Explorer scripting engine content (for e.g, PDF file, MS Office document, email attachment) or any other document that supports scripting engine content format. When the user opens the document, arbitrary code will be executed on the target device.
IMPACT
Memory corruption, Arbitrary code execution on target device, System access
AFFECTED PRODUCTS
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
REMEDIATION
This vulnerability can be mitigated by restricting access to the jscript.dll file, and this can be done by the user in the
command prompt with administrative rights.
For 32-bit systems:
cacls %windir%\system32\jscript.dll /E /P everyone:N
For 64-bit systems:
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
Note: This only affects websites that utilizes jscript as scripting engines. Only sites that explicitly request the script decoding with jscript.dll may be affected.
Users who have enabled windows update are protected automatically.
Users who havent’t enabled updates are requested to do it manually for windows 10 and earlier versions.
Do not follow links provided by unknown or un-trusted sources.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Run all software as non-privileged user with minimal access rights.