Microsoft Scripting Engine (JScript) Type Confusion Vulnerability
Vulnerability information
Vulnerability name: Microsoft Scripting Engine (JScript) Type Confusion Vulnerability
Vulnerability ID:
- CVE: CVE-2025-30397
Vulnerability type: Code injection
Severity: High
Vulnerability description:
Affected products
Microsoft Scripting Engine (JScript) is a scripting engine provided by Microsoft, widely used to process and execute JScript code and commonly found in the Internet Explorer browser and in systems that depend on JScript. Because it is deeply integrated into the Windows operating system, the vulnerability has a wide reach, covering multiple versions of Windows 10, Windows 11 and the Windows Server line.
Vulnerability explanation
This is a type confusion vulnerability in the jscript.dll component. An attacker can craft malicious web content and lure a user into visiting it, triggering memory corruption and achieving remote code execution (RCE). The technical root cause is that the JScript engine fails to validate types correctly when processing certain kinds of script, which lets an attacker manipulate the memory layout and execute arbitrary code.
Impact analysis
The vulnerability allows an attacker to execute code remotely on the victim's system with the same privileges as the current user; if that user has administrator rights, the attacker may gain full control of the system. Exploitation in the wild has been confirmed, and attackers can deliver the exploit through phishing or by embedding it in malicious websites. Because exploitation requires no user interaction beyond visiting the malicious web page, and public PoC code exists, the risk level is high. Microsoft has released a patch for this vulnerability; all affected systems should apply the security update immediately to avoid potential risk.
Vendor: Microsoft
Product name: Microsoft Scripting Engine (JScript)
Affected versions: Windows 10 (versions 1507, 1607, 1809, 21H2, 22H2), Windows 11 (22H2, 23H2, 24H2), Windows Server (2008 SP2, 2008 R2 SP1, 2012, 2016, 2019, 2022, 2025)
Source: https://github.com/B1ack4sh/Blackash-CVE-2025-30397
Type: CVE-2025:github search
Repository files
- README.md
Source overview
🚨 CVE-2025-30397 – Critical JScript RCE Vulnerability Exploited in the Wild 💥
🔥 CVE-2025-30397 Overview
- Type: Type confusion vulnerability
- Component: Microsoft Scripting Engine (JScript)
- Impact: Remote Code Execution (RCE)
- Attack Vector: Remote — triggered via malicious scripts in web content
- Severity: CVSS 3.1 score of 7.5 (High)
- Exploited: Confirmed in the wild
- Patched: May 2025 Patch Tuesday
- Deadline by CISA: Patching required before June 3, 2025
🛠️ Technical Summary
- A type confusion bug in jscript.dll leads to memory corruption.
- Exploitable by tricking a user into visiting a specially crafted webpage.
- Common payloads include launching system commands (e.g., spawning calculator).
- Works on legacy systems that still run Internet Explorer or rely on JScript.
🖥 Affected Systems
- Windows 10 (versions 1507, 1607, 1809, 21H2, 22H2)
- Windows 11 (22H2, 23H2, 24H2)
- Windows Server (2008 SP2, 2008 R2 SP1, 2012, 2016, 2019, 2022, 2025)
🚨 Exploitation
- Proof-of-concept (PoC) code is public.
- Attackers can remotely execute code under the privileges of the user.
- Can be used in phishing attacks or embedded in malicious websites.
✅ Mitigation & Remediation
- Apply Microsoft’s May 2025 security updates.
- Disable JScript in environments where it’s not required.
- For legacy systems:
  - Isolate from internet access.
  - Limit execution of IE-based content.
- Monitor endpoints for signs of unusual script behavior or process spawning.
🔐 Recommendations
- Patch all affected systems immediately.
- Audit use of Internet Explorer and legacy scripting engines.
- Deploy endpoint protection with memory corruption detection.
- Inform users about risks of visiting unknown websites.
- If unable to patch, consider disabling or unregistering jscript.dll.
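The audit and monitoring steps above (check where the legacy JScript engine is still present, and watch for IE or script hosts spawning interpreters) as an added PowerShell example. This is not code from the advisory or from the linked repository; it assumes a default %SystemRoot% layout, and the process-creation records it scans are constructed sample data shaped like parsed Sysmon Event ID 1 entries, not real telemetry.

```powershell
# Added defensive example (not the advisory's or the B1ack4sh repository's code).
# Part 1: report whether jscript.dll is still present and which file version it
# carries, so an administrator can compare it against the May 2025 update level.
# Part 2: flag process-creation records where Internet Explorer or a legacy
# script host spawned a command interpreter or other living-off-the-land binary.

# Default locations of the legacy engine on 64-bit Windows (assumption: default
# %SystemRoot%; adjust if the OS is installed elsewhere).
$JScriptPaths = @(
    (Join-Path $env:SystemRoot 'System32\jscript.dll'),
    (Join-Path $env:SystemRoot 'SysWOW64\jscript.dll')
)

function Get-JScriptEngineStatus {
    foreach ($path in $JScriptPaths) {
        if (Test-Path -LiteralPath $path) {
            $info = (Get-Item -LiteralPath $path).VersionInfo
            [pscustomobject]@{ Path = $path; Present = $true;  FileVersion = $info.FileVersion }
        } else {
            [pscustomobject]@{ Path = $path; Present = $false; FileVersion = $null }
        }
    }
}

# Parents that render JScript/IE content and should rarely launch interpreters,
# and children whose appearance under them deserves a closer look.
$ScriptHosts     = @('iexplore.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')
$SuspectChildren = @('cmd.exe', 'powershell.exe', 'calc.exe', 'rundll32.exe', 'regsvr32.exe')

function Find-SuspiciousScriptChild {
    param(
        # Objects with UtcTime, ParentImage, Image and CommandLine members
        # (the shape of a Sysmon Event ID 1 record after parsing).
        [Parameter(Mandatory)] [object[]] $Events
    )
    foreach ($e in $Events) {
        $parent = [System.IO.Path]::GetFileName($e.ParentImage).ToLowerInvariant()
        $child  = [System.IO.Path]::GetFileName($e.Image).ToLowerInvariant()
        if (($ScriptHosts -contains $parent) -and ($SuspectChildren -contains $child)) {
            [pscustomobject]@{
                Time        = $e.UtcTime
                Parent      = $parent
                Child       = $child
                CommandLine = $e.CommandLine
                Reason      = "script host '$parent' spawned '$child'"
            }
        }
    }
}

# CONSTRUCTED sample events: a benign IE launch from Explorer, IE spawning
# calc.exe (the payload pattern the advisory mentions), and wscript.exe
# spawning PowerShell. Only the last two should be reported.
$SampleEvents = @(
    [pscustomobject]@{ UtcTime = '2025-05-14 10:01:02'
                       ParentImage = 'C:\Windows\explorer.exe'
                       Image = 'C:\Program Files\Internet Explorer\iexplore.exe'
                       CommandLine = 'iexplore.exe' },
    [pscustomobject]@{ UtcTime = '2025-05-14 10:01:09'
                       ParentImage = 'C:\Program Files\Internet Explorer\iexplore.exe'
                       Image = 'C:\Windows\System32\calc.exe'
                       CommandLine = 'calc.exe' },
    [pscustomobject]@{ UtcTime = '2025-05-14 10:02:30'
                       ParentImage = 'C:\Windows\System32\wscript.exe'
                       Image = 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe'
                       CommandLine = 'powershell.exe -File C:\Users\Public\stage.ps1' }
)

Get-JScriptEngineStatus | Format-Table -AutoSize
Find-SuspiciousScriptChild -Events $SampleEvents | Format-Table -AutoSize
```

On a real host, replace `$SampleEvents` with records pulled from the Sysmon operational log (Event ID 1) or Security log process-creation events (4688, with command-line auditing enabled); the parent/child pairing is the detection signal, since a crafted web page that reaches code execution in IE still has to spawn something outside the browser to do anything useful.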
🔒 Disclaimer
This information is provided for educational and defensive purposes only. Unauthorized exploitation of vulnerabilities without proper authorization is illegal and unethical. Always conduct security testing in a controlled environment and with explicit permission. The responsibility for any misuse of this information lies solely with the user.