Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 15, 2023Severity High Analysis Summary According to researchers, a Golang-based botnet named GoBruteforcer has been discovered, which is specifically targeting web servers running FTP, MySQL, phpMyAdmin, and […]March 15, 2023Severity High Analysis Summary DarkComet RAT (Remote Administration Tool) is a type of malware that is designed to allow attackers to gain remote access to a […]March 15, 2023Severity High Analysis Summary CVE-2023-23410 CVSS:7.8 Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – Malware Controlled Through Command-containing memes on Twitter
December 19, 2018Rewterz Threat Advisory – CVE-2018-2815 – Multiple F5 Java products, DoS vulnerability
December 20, 2018
SEVERITY: High
CATEGORY: Vulnerability
ANALYSIS SUMMARY:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
A web based attack scenario would be, that the attacker would convince the user to view a document that supports
embedded Internet Explorer scripting engine content (for e.g, PDF file, MS Office document, email attachment) or any other document that supports scripting engine content format. When the user opens the document, arbitrary code will be executed on the target device.
IMPACT
Memory corruption, Arbitrary code execution on target device, System access
AFFECTED PRODUCTS
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
REMEDIATION
This vulnerability can be mitigated by restricting access to the jscript.dll file, and this can be done by the user in the
command prompt with administrative rights.
For 32-bit systems:
cacls %windir%\system32\jscript.dll /E /P everyone:N
For 64-bit systems:
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
Note: This only affects websites that utilizes jscript as scripting engines. Only sites that explicitly request the script decoding with jscript.dll may be affected.
Users who have enabled windows update are protected automatically.
Users who havent’t enabled updates are requested to do it manually for windows 10 and earlier versions.
Do not follow links provided by unknown or un-trusted sources.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Run all software as non-privileged user with minimal access rights.