search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

Microsoft Internet Explorer Scripting Engine memory corruption vulnerability

Vulnerability Note VU#338824

Original Release Date: 2020-01-17 | Last Revised: 2020-02-19

Overview

The Microsoft Internet Explorer Scripting Engine contains a memory corruption vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code.

Description

Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability.

This vulnerability was detected in exploits in the wild.

Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page an email attachment), PDF file, Microsoft Office document, or any other document that supports embedded Internet Explorer scripting engine content, an attacker may be able to execute arbitrary code.

Solution

Apply an update

This issue is addressed in the Microsoft update for CVE-2020-0674. Please also consider the following workaround:

Restrict access to jscript.dll

jscript.dll is a library that provides compatibility with a deprecated version of JScript that was released in 2009. Blocking access to this library can prevent exploitation of this and similar vulnerabilities that may be present in this old technology. When Internet Explorer is used to browse the modern web, jscript9.dll is used by default. Note, however, that any given website has the ability to opt in to using the legacy jscript.dll instead of the default.

From Security Advisory ADV200001:

    For 32-bit systems, enter the following command at an administrative command prompt:

        takeown /f %windir%\system32\jscript.dll
        cacls %windir%\system32\jscript.dll /E /P everyone:N

    For 64-bit systems, enter the following command at an administrative command prompt:

        takeown /f %windir%\syswow64\jscript.dll
        cacls %windir%\syswow64\jscript.dll /E /P everyone:N
        takeown /f %windir%\system32\jscript.dll
        cacls %windir%\system32\jscript.dll /E /P everyone:N

    To revert the above changes:

    For 32-bit systems, enter the following command at an administrative command prompt:

     cacls %windir%\system32\jscript.dll /E /R everyone    

    For 64-bit systems, enter the following command at an administrative command prompt:

        cacls %windir%\system32\jscript.dll /E /R everyone    
        cacls %windir%\syswow64\jscript.dll /E /R everyone

    By default, IE11, IE10, and IE9 uses Jscript9.dll which is not impacted by this vulnerability. This vulnerability only affects certain websites that utilize jscript as the scripting engine.

Vendor Information

338824
 
Expand all

Microsoft Affected

Updated:  February 19, 2020

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References


CVSS Metrics

Group Score Vector
Base 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal 7.1 E:H/RL:W/RC:C
Environmental 7.1 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND

References

Acknowledgements

This document was written by Will Dormann.

Other Information

CVE IDs: CVE-2020-0674
Date Public: 2020-01-17
Date First Published: 2020-01-17
Date Last Updated: 2020-02-19 23:56 UTC
Document Revision: 27

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis