Remote Code Execution – Scripting Engine (CVE-2024-38178). A vulnerability from the August Microsoft Patch Tuesday. The victim clicks on the attacker’s link, memory corruption occurs and arbitrary attacker’s code is executed.
The tricky part is that the victim has to open the link in Microsoft Edge browser in Internet Explorer compatibility mode. But why would the victim want to set the browser to this mode?
🔻 The victim may be using some old corporate web application that only works in Internet Explorer, so the browser is configured this way. Not such a rare situation. 😏
🔻An attacker may try to convince the victim to enable the setting “Allow sites to be reloaded in Internet Explorer mode (IE mode)” in Edge. 🤷♂️
One way or another, the vulnerability is exploited in the wild and there is already a (semi?🤔)public exploit for it. My colleagues at PT ESC shared today how they found and tested this exploit. 🔍
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.