OK, the Google P0 blog post by @ifsecure On VBScript mentions vuls in the scripting engine, but doesn't mention CVE-2018-8653 that was just fixed by Microsoft.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8653#ID0EMGAC …
https://googleprojectzero.blogspot.com/2018/12/on-vbscript.html …
Surely more than a coincidence? @_clem1 ?
Though now that I read through it, the mitigation that Microsoft lists is to unregister jscript.dll. So perhaps it is indeed something different. An attack using VBScript would be mitigated by unregistering vbscript.dll.
-
-
I'm also curious what triggers jscript.dll to be used on a modern system. Pretty much everything I've seen will use jscript9.dll to run JScript / Javascript.
Show this thread -
Answer: <meta http-equiv="X-UA-Compatible" content="IE=8"></meta> <script language="Jscript.Encode">
Show this thread
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.