Remote code execution vulnerability discovered in Windows JScript

A new zero-day remote code execution vulnerability has been discovered in Microsoft Windows JScript that allows an attacker to run arbitrary code on vulnerable installations of Microsoft Windows. The vulnerability allows remote attackers to execute malicious code on users' PCs.

Responsible for discovering this bug is Dmitri Kaslov of Telspace Systems, who passed it along to Trend Micro's Zero-Day Initiative (ZDI), a project that intermediates the vulnerability disclosure process between independent researchers and larger companies.

Remote code execution is the ability an attacker has to access someone else’s computing device and make changes, no matter where the device is geographically located.

ZDI experts reported the issue to Microsoft back in January, but Microsoft has yet to release a patch for this vulnerability. Yesterday, ZDI published a summary containing light technical details about the bug.

JScript has a built-in error object that provides error information when an error occurs. The error object provides two useful properties: name and message.

This RCE flaw exists in JScript's handling of Error objects and is triggered when a script performs specific actions on such an object.

Because the vulnerability affects the JScript component (Microsoft's own implementation of JavaScript), the only condition is that the attacker must trick the user into visiting a malicious web page, or into downloading and opening a malicious JS file on the system (typically executed via the Windows Script Host, wscript.exe).

According to ZDI, these specific actions cause a pointer to be reused after it has been freed (a use-after-free). An attacker can leverage this vulnerability to execute code in the context of the current process.

"The specific flaw exists within the handling of Error objects in JScript," ZDI experts explained. "By performing actions in [Jscript], an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process."