

Rewterz Threat Advisory – Malware Controlled Through Command-containing memes on Twitter
December 19, 2018
Rewterz Threat Advisory – CVE-2018-2815 – Multiple F5 Java products, DoS vulnerability
December 20, 2018
SEVERITY: High
CATEGORY: Vulnerability
ANALYSIS SUMMARY:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
In a web-based attack scenario, the attacker would convince the user to view a document that supports embedded Internet Explorer scripting engine content (e.g., a PDF file, MS Office document, or email attachment) or any other document that supports the scripting engine content format. When the user opens the document, arbitrary code will be executed on the target device.
IMPACT
Memory corruption, Arbitrary code execution on target device, System access
AFFECTED PRODUCTS
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
REMEDIATION
This vulnerability can be mitigated by restricting access to the jscript.dll file. The user can do this from a command prompt with administrative rights.
For 32-bit systems:
cacls %windir%\system32\jscript.dll /E /P everyone:N
For 64-bit systems:
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
Note: This only affects websites that utilize jscript as the scripting engine. Only sites that explicitly request script decoding with jscript.dll may be affected.
Users who have enabled Windows Update are protected automatically.
Users who haven't enabled updates are requested to update manually on Windows 10 and earlier versions.
Do not follow links provided by unknown or untrusted sources.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Run all software as a non-privileged user with minimal access rights.
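To confirm that the cacls workaround above took effect, the following read-only PowerShell check reports whether a deny entry for Everyone is present on jscript.dll and whether the current account can still open the file. It is an added example, not part of the Rewterz advisory; the function name Test-JscriptRestriction is hypothetical, and on 64-bit systems it also reports on the System32 copy, which goes beyond the single path listed above.

```powershell
# Added example (not from the advisory): read-only check of the jscript.dll workaround.
# Run from an elevated 64-bit PowerShell prompt. In a 32-bit process on 64-bit
# Windows, System32 is redirected to SysWOW64, so both rows describe the same file.

function Test-JscriptRestriction {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    $result = [pscustomobject]@{
        Path         = $Path
        Exists       = Test-Path -LiteralPath $Path
        DenyEveryone = $null   # $true/$false when the DACL is readable, otherwise $null
        CanOpenRead  = $null   # $false means this account is denied read access
    }
    if (-not $result.Exists) { return $result }

    # 1. Look for a deny entry for Everyone (well-known SID S-1-1-0) in the DACL.
    try {
        $rules = (Get-Acl -LiteralPath $Path -ErrorAction Stop).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        $result.DenyEveryone = [bool]($rules | Where-Object {
            $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq 'S-1-1-0'
        })
    } catch {
        # A deny entry can also block reading the DACL itself; leave the field $null.
    }

    # 2. Functional check: can this account open the DLL for reading at all?
    try {
        $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        $stream.Dispose()
        $result.CanOpenRead = $true
    } catch [System.UnauthorizedAccessException] {
        $result.CanOpenRead = $false
    }
    return $result
}

$targets = @("$env:windir\System32\jscript.dll")
if ([Environment]::Is64BitOperatingSystem) {
    $targets += "$env:windir\SysWOW64\jscript.dll"
}
$targets | ForEach-Object { Test-JscriptRestriction -Path $_ } | Format-Table -AutoSize
```

A row with CanOpenRead set to False indicates the restriction is effective for the account running the check; DenyEveryone stays empty when the DACL could not be read.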