search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft Internet Explorer Scripting Engine memory corruption vulnerability

Vulnerability Note VU#338824

Original Release Date: 2020-01-17 | Last Revised: 2020-02-19

Overview

The Microsoft Internet Explorer Scripting Engine contains a memory corruption vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code.

Description

Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability.

This vulnerability was detected in exploits in the wild.

Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page an email attachment), PDF file, Microsoft Office document, or any other document that supports embedded Internet Explorer scripting engine content, an attacker may be able to execute arbitrary code.

Solution

Apply an update

This issue is addressed in the Microsoft update for CVE-2020-0674. Please also consider the following workaround:

Restrict access to jscript.dll

jscript.dll is a library that provides compatibility with a deprecated version of JScript that was released in 2009. Blocking access to this library can prevent exploitation of this and similar vulnerabilities that may be present in this old technology. When Internet Explorer is used to browse the modern web, jscript9.dll is used by default. Note, however, that any given website has the ability to opt in to using the legacy jscript.dll instead of the default.

From Security Advisory ADV200001:

    For 32-bit systems, enter the following command at an administrative command prompt:

        takeown /f %windir%\system32\jscript.dll
        cacls %windir%\system32\jscript.dll /E /P everyone:N

    For 64-bit systems, enter the following command at an administrative command prompt:

        takeown /f %windir%\syswow64\jscript.dll
        cacls %windir%\syswow64\jscript.dll /E /P everyone:N
        takeown /f %windir%\system32\jscript.dll
        cacls %windir%\system32\jscript.dll /E /P everyone:N

    To revert the above changes:

    For 32-bit systems, enter the following command at an administrative command prompt:

     cacls %windir%\system32\jscript.dll /E /R everyone    

    For 64-bit systems, enter the following command at an administrative command prompt:

        cacls %windir%\system32\jscript.dll /E /R everyone    
        cacls %windir%\syswow64\jscript.dll /E /R everyone

    By default, IE11, IE10, and IE9 uses Jscript9.dll which is not impacted by this vulnerability. This vulnerability only affects certain websites that utilize jscript as the scripting engine.

Vendor Information

338824
 
Affected   Unknown   Unaffected

Microsoft

Updated:  February 19, 2020

Status

  Affected

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References


CVSS Metrics

Group Score Vector
Base 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal 7.1 E:H/RL:W/RC:C
Environmental 7.1 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

Acknowledgements

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2020-0674
Date Public: 2020-01-17
Date First Published: 2020-01-17
Date Last Updated: 2020-02-19 23:56 UTC
Document Revision: 26

Sponsored by CISA.