Jump to content

CVE-2020-0674 and I.E.8


Sampei.Nihira

Recommended Posts

18 minutes ago, Vistapocalypse said:

Thanks for clarifying that. Microsoft nevertheless rates the vulnerability's severity as Critical for IE 11 on Windows 7, but only Moderate for IE 9 on Server 2008 SP2.

I'm not familiar with OSArmor, but you've got me wondering if it could offer a better solution for Vista, i.e. block any process from jscript but not jscript9 (sorry if OT).

I am not sure if you want to ask me something about NVT OSA.:dubbio:
This software can also be installed with Windows XP, in my opinion it is fundamental for the protection of an OS especially if no longer supported by Microsoft.
Moreover, it also has a basic Anti-Exploit functionality that integrates perfectly with MBAE.:yes:

 

https://www.novirusthanks.org/products/osarmor/

Edited by Sampei.Nihira
Link to comment
Share on other sites


22 hours ago, Vistapocalypse said:

Thanks for clarifying that. Microsoft nevertheless rates the vulnerability's severity as Critical for IE 11 on Windows 7, but only Moderate for IE 9 on Server 2008 SP2.

It is probably because the enhanced security mode is enabled by default on IE on Server OS.

With luweitest PoC above, does this always depend on creating an ActiveX control? If so, aren't we well past the point of even thinking of having ActiveX enabled on a device that can access the internet?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...