Shulou(Shulou.com)05/31 Report--

Today, I will talk to you about how to analyze the remote code execution vulnerability of Microsoft Internet Explorer Jscript.Dll component. Many people may not know much about it. In order to let everyone know more, Xiaobian summarizes the following contents for everyone. I hope everyone can gain something according to this article.

overview

On September 23, 2019, Microsoft released a fix for a vulnerability in the Internet Explorer browser component jscript.dll, discovered by ClémentLecigne, a security researcher at Google Threat Analysis Group. Successful exploitation of this vulnerability will corrupt memory and allow attackers to execute arbitrary code. Attackers may use this vulnerability to spread malicious code in the form of a horse website.

Internet Explorer is a web browser launched by Microsoft Corporation. jscript.dll is a script engine that works in IE. According to Netmarketshare's browser share survey [1], Internet Explorer's market share is 8.29%, combining its default installation characteristics and the large number of domestic Internet users and other reasons, the impact of the vulnerability is very extensive.

Figure Internet Explorer Market Share

vulnerability description

Vulnerability Number: CVE-2019-1367

Script engine jscript.dll in the process of processing memory objects, will trigger memory corruption vulnerability, attackers may persuade or trick users to open a carefully crafted web page through e-mail, etc., in order to exploit the vulnerability, exploit success can be executed under the current user privileges arbitrary code. If the current user is logged on with administrative user rights, an attacker could take control of the affected system and further install programs, view, change, delete data, and more.

the affected area

Affected areas:

IE 11Windows 7Windows 8.1 Windows 10Windows Server 2012/R2Windows Server 2008Windows Server 2016Windows Server 2019IE 10Windows Server 2012IE 9Windows Server 2008 Possible Attack Risk Evolution

1)From the perspective of threat framework, this is an exploitable vulnerability with high risk from the perspective of target contact and offensive penetration. Before exposure, this vulnerability may be used by super cyberspace threat actors in systems similar to QUANTUM to attack high-value targets, which requires further investigation and analysis.

2)APT attack organizations and mafia organizations used in targeted attacks to occupy the pit attack.

3)Black attack organizations construct attack pages in compromised websites, spread malicious code on a large scale, and carry out illegal activities such as extortion and mining.

4)In APT attack organizations and gangs control traffic side links, or intrusion firewalls, etc., may be used to achieve similar QUANTUM injection.

Manual repair and mitigation recommendations

On 32-bit operating systems, access to JScript.dll can be restricted with the following command:

takeown /f %windir%\system32\jscript.dllcacls %windir%\system32\jscript.dll /E /P everyone:N

On 64-bit operating systems, access to JScript.dll can be restricted with the following command:

takeown /f %windir%\syswow64\jscript.dllcacls %windir%\syswow64\jscript.dll /E /P everyone:Ntakeown /f %windir%\system32\jscript.dllcacls %windir%\system32\jscript.dll /E /P everyone:N

Install vulnerability patches [2] or uninstall affected browsers.

Overriding DEP configuration from the system to all applications and adjusting the UAC setting level to the highest level may help mitigate the impact of this attack. However, further verification is required.

After reading the above, do you have any further understanding of how to perform remote code execution vulnerability analysis of Microsoft Internet Explorer Jscript.Dll component? If you still want to know more knowledge or related content, please pay attention to the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.