Tag Archives: PTESC

Remote Code Execution – Scripting Engine (CVE-2024-38178)

Remote Code Execution – Scripting Engine (CVE-2024-38178). A vulnerability from the August Microsoft Patch Tuesday. The victim clicks on the attacker’s link, memory corruption occurs and arbitrary attacker’s code is executed.

The tricky part is that the victim has to open the link in Microsoft Edge browser in Internet Explorer compatibility mode. But why would the victim want to set the browser to this mode?

🔻 The victim may be using some old corporate web application that only works in Internet Explorer, so the browser is configured this way. Not such a rare situation. 😏

🔻An attacker may try to convince the victim to enable the setting “Allow sites to be reloaded in Internet Explorer mode (IE mode)” in Edge. 🤷‍♂️

One way or another, the vulnerability is exploited in the wild and there is already a (semi?🤔)public exploit for it. My colleagues at PT ESC shared today how they found and tested this exploit. 🔍

На русском

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: PTESC

Remote Code Execution – Scripting Engine (CVE-2024-38178)