Tag Archives: InternetExplorer

Remote Code Execution – Scripting Engine (CVE-2024-38178)

Remote Code Execution – Scripting Engine (CVE-2024-38178). A vulnerability from the August Microsoft Patch Tuesday. The victim clicks on the attacker’s link, memory corruption occurs and arbitrary attacker’s code is executed.

The tricky part is that the victim has to open the link in Microsoft Edge browser in Internet Explorer compatibility mode. But why would the victim want to set the browser to this mode?

🔻 The victim may be using some old corporate web application that only works in Internet Explorer, so the browser is configured this way. Not such a rare situation. 😏

🔻An attacker may try to convince the victim to enable the setting “Allow sites to be reloaded in Internet Explorer mode (IE mode)” in Edge. 🤷‍♂️

One way or another, the vulnerability is exploited in the wild and there is already a (semi?🤔)public exploit for it. My colleagues at PT ESC shared today how they found and tested this exploit. 🔍

На русском

“The Mystery of the Hole”: Remote Code Execution – Internet Explorer (CVE-2012-4792)

Leave a reply

“The Mystery of the Hole”: Remote Code Execution – Internet Explorer (CVE-2012-4792). Yesterday, an old vulnerability “CDwnBindInfo” from 2012 was added to CISA KEV: the user opens a malicious website in MS Internet Explorer 6–8 and the attacker gets RCE on user’s host. The vulnerability has been actively exploited since the end of 2012 as 0day in watering hole attacks on US organizations. In particular, the malicious code was placed on the hacked Council on Foreign Relations (CFR) website.

Why was the vulnerability added to CISA KEV only now?

🔹 New attacks on legacy systems (Win XP/ Vista/7, WinServer 2003/2008) were discovered? 🤪 It’s unlikely.

🔹 They saw a vulnerability with confirmed incidents, but it wasn’t in CISA KEV, so they added it? More likely, but why only this vulnerability? 🧐

🔹 There was no formal excuse for urgently updating found legacy systems? A bit strange. 🤷‍♂️

Let’s wait for updates. 🙂

На русском

Microsoft Patch Tuesday August 2020: vulnerabilities with Detected Exploitation, useful for phishing and others

Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities

1 Reply

Microsoft Patch Tuesday April 2020: my classification script, confusing RCE in Adobe Type Manager and updates for older vulnerabilities. Making the reviews of Microsoft Patch Tuesday vulnerabilities should be an easy task. All vulnerability data is publicly available. Even better, dozens of reviews have already been written. Just read them, combine and post. Right?

Not really. In fact it is quite boring and annoying. It may be fun to write about vulnerabilities that were already used in some real attacks. But this is a very small part of all vulnerabilities. What about more than a hundred others? They are like “some vulnerability in some component may be used in some attack (or may be not)”. If you describe each of them, no one will read or listen this.

You must choose what to highlight. And when I am reading the reports from Tenable, Qualys and ZDI, I see that they choose very different groups of vulnerabilities, pretty much randomly.

My classification script

That’s why I created a script that takes Patch Tuesday CVE data from microsoft.com and visualizes it giving me helicopter view on what can be interesting there. With nice grouping by vulnerability type and product, with custom icons for vulnerability types, coloring based on severity, etc.

Continue reading →

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more