The_Expert_Team_logo

"Sometimes when you fill a vacuum, it still sucks."


Home|About|Contact|Blog|Forum|Pages|Projects


 New Internet Explorer Vulnerability discovered: CVE-2020-0674
Published on 2020/02/25, by NojusK.

Vulnerability_logo

Recently a flaw has been discovered by Qihoo 360 that is a Scripting Engine Memory Corruption Vulnerability. The vulnerability is in jscript.dll, which is the scripting engine for legacy JScript code; note that all “non-legacy” JScript code (whatever that might be), and all JavaScript code gets executed by the newer scripting engine implemented in jscript9.dll. This vulnerability only affects certain websites that utilize jscript as the scripting engine. Microsoft’s workaround comprises setting permissions on jscript.dll such that nobody will be able to read it. This workaround has an expected negative side effect that if you’re using a web application that employs legacy JScript (and can as such only be used with Internet Explorer), this application will no longer work in your browser. There also several other negative side effects:

Windows Media Player is reported to break on playing MP4 files.

The sfc (Resource Checker), a tool that scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions, chokes on jscript.dll with altered permissions.

Printing to “Microsoft Print to PDF” is reported to break.

Proxy automatic configuration scripts (PAC scripts) may not work.

Sources:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001

https://blog.0patch.com/2020/01/micropatching-workaround-for-cve-2020.html

Back button Back to the Previous Page

"Sometimes when you fill a vacuum, it still sucks."