Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Microsoft Scripting Engine Type Confusion Vulnerability Allowing Remote Code Execution

Vulnerability

A type confusion vulnerability has been identified in the Microsoft Scripting Engine, which could allow an unauthorized attacker to execute code remotely. This vulnerability arises from improper handling of resources, leading to potential memory corruption. It is particularly concerning when exploited through Internet Explorer mode in Microsoft Edge, where the exploitation can be initiated without user awareness.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected system.

Reproduction

To reproduce this vulnerability, a user must first enable Internet Explorer mode in Microsoft Edge. Once this is done, an authenticated user can be tricked into clicking a link that initiates the exploitation, leading to remote code execution.

Remediation

Users can apply the security updates provided by Microsoft to address this vulnerability. These security updates can be downloaded via the Microsoft Update Catalog. For systems running Windows Server 2012 R2, it's recommended to install the Internet Explorer Cumulative updates.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 7.7
remediation: 0.0
relevance: 0.0
threat: 8.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.