Posts

Scripting Engine Memory Corruption Vulnerability CVE-2020-0674

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The exploit code shows that the parameter in the sort function is not added to garbage collection, so it can be used later to achieve arbitrary code execution.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

The attacker connects to the following malicious domains.

IE crashes, indicating the vulnerable DLL.

SonicWall Capture Labs Threat Research team provides protection against this vulnerability with the following signature:

  • IPS 14744 Scripting Engine Memory Corruption Vulnerability (CVE-2020-0674)

Microsoft has issued a patch for this vulnerability.

IoCs:
.122.128.28

Microsoft Security Bulletin Coverage for Feb 2020

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of February 2020. A list of issues reported, along with SonicWall coverage information, is as follows:
CVE-2020-0618 Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0655 Remote Desktop Services Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0657 Windows Common Log File System Driver Elevation of Privilege Vulnerability
ASPY 5885:Malformed-File exe.MP.118
CVE-2020-0658 Windows Common Log File System Driver Information Disclosure Vulnerability
ASPY 5885:Malformed-File exe.MP.118
CVE-2020-0659 Windows Data Sharing Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0660 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0661 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0662 Windows Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0663 Microsoft Edge Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0665 Active Directory Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0666 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0667 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0668 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0669 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0670 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0671 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0672 Windows Kernel Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0673 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0674 Scripting Engine Memory Corruption Vulnerability
ASPY 14745:HTTP Client Shellcode Exploit 114
CVE-2020-0675 Windows Key Isolation Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0676 Windows Key Isolation Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0677 Windows Key Isolation Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0678 Windows Error Reporting Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0679 Windows Function Discovery Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0680 Windows Function Discovery Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0681 Remote Desktop Client Remote Code Execution Vulnerability
IPS 14793:Remote Desktop Client Remote Code Execution Vulnerability (CVE-2020-0681)
CVE-2020-0682 Windows Function Discovery Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0683 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0685 Windows COM Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0686 Windows Installer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0688 Microsoft Exchange Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0689 Microsoft Secure Boot Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0691 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0692 Microsoft Exchange Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0693 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0694 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2020-0695 Microsoft Office Online Server Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2020-0696 Microsoft Outlook Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0697 Microsoft Office Tampering Vulnerability
There are no known exploits in the wild.
CVE-2020-0698 Windows Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0701 Windows Client License Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0702 Surface Hub Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2020-0703 Windows Backup Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0704 Windows Wireless Network Manager Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0705 Windows Network Driver Interface Specification (NDIS) Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0706 Microsoft Browser Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0707 Windows IME Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0708 Windows Imaging Library Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0709 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0710 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0711 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0712 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0713 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0714 DirectX Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0715 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 5889:Malformed-File exe.MP.122
CVE-2020-0716 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0717 Win32k Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0719 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0720 Win32k Elevation of Privilege Vulnerability
ASPY 5890:Malformed-File exe.MP.123
CVE-2020-0721 Win32k Elevation of Privilege Vulnerability
ASPY 5891:Malformed-File exe.MP.124
CVE-2020-0722 Win32k Elevation of Privilege Vulnerability
ASPY 5892:Malformed-File exe.MP.125
CVE-2020-0723 Win32k Elevation of Privilege Vulnerability
ASPY 5893:Malformed-File exe.MP.126
CVE-2020-0724 Win32k Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0725 Win32k Elevation of Privilege Vulnerability
ASPY 5888:Malformed-File exe.MP.121
CVE-2020-0726 Win32k Elevation of Privilege Vulnerability
ASPY 5888:Malformed-File exe.MP.121
CVE-2020-0727 Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0728 Windows Modules Installer Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0729 LNK Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0730 Windows User Profile Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0731 Win32k Elevation of Privilege Vulnerability
ASPY 5887:Malformed-File exe.MP.120
CVE-2020-0732 DirectX Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0733 Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0734 Remote Desktop Client Remote Code Execution Vulnerability
ASPY 5884:Malformed-File exe.MP.117
CVE-2020-0735 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0736 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0737 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0738 Media Foundation Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0739 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0740 Connected Devices Platform Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0741 Connected Devices Platform Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0742 Connected Devices Platform Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0743 Connected Devices Platform Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0744 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0745 Windows Graphics Component Elevation of Privilege Vulnerability
ASPY 5886:Malformed-File exe.MP.119
CVE-2020-0746 Microsoft Graphics Components Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0747 Windows Data Sharing Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0748 Windows Key Isolation Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0749 Connected Devices Platform Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0750 Connected Devices Platform Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0751 Windows Hyper-V Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2020-0752 Windows Search Indexer Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0753 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0754 Windows Error Reporting Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0755 Windows Key Isolation Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0756 Windows Key Isolation Service Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2020-0757 Windows SSH Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2020-0759 Microsoft Excel Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2020-0767 Scripting Engine Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2020-0792 Windows Graphics Component Elevation of Privilege Vulnerability
There are no known exploits in the wild.