Microsoft Internet Explorer VBScript Execution Policy Bypass

Strike ID:
E19-0rao1
CVSS:
4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
False Positive:
f
Variants:
1
Year:
2019

Description

This strike exploits a vulnerability in Microsoft Internet Explorer. By utilizing VBScript.Encode it is possible to bypass the MSHTML Security Zone security policy that is put in place to allow or restrict VBScript from execution.

CVE

Google