关联漏洞
标题:
Microsoft Scripting Engine 安全漏洞
(CVE-2025-30397)
描述:Microsoft Scripting Engine是美国微软(Microsoft)公司的一种工具,为JScript和VBScript提供脚本引擎。 Microsoft Scripting Engine存在安全漏洞。攻击者利用该漏洞可以远程执行代码。以下产品和版本受到影响:Windows 10 Version 21H2 for 32-bit Systems,Windows 10 Version 21H2 for ARM64-based Systems,Windows 10 Version 21H2 for
描述
CVE-2025-30397
介绍
# **🚨 CVE-2025-30397 – Critical JScript RCE Vulnerability Exploited in the Wild 💥**
---
### 🔥 CVE-2025-30397 Overview
* **Type**: Type confusion vulnerability
* **Component**: Microsoft Scripting Engine (JScript)
* **Impact**: Remote Code Execution (RCE)
* **Attack Vector**: Remote — triggered via malicious scripts in web content
* **Severity**: CVSS 3.1 score of 7.5 (High)
* **Exploited**: Confirmed in the wild
* **Patched**: May 2025 Patch Tuesday
* **Deadline by CISA**: Patching required before June 3, 2025
---
### 🛠️ Technical Summary
* A type confusion bug in `jscript.dll` leads to memory corruption.
* Exploitable by tricking a user into visiting a specially crafted webpage.
* Common payloads include launching system commands (e.g., spawning calculator).
* Works on legacy systems that still run Internet Explorer or rely on JScript.
---
### 🖥 Affected Systems
* Windows 10 (versions 1507, 1607, 1809, 21H2, 22H2)
* Windows 11 (22H2, 23H2, 24H2)
* Windows Server (2008 SP2, 2008 R2 SP1, 2012, 2016, 2019, 2022, 2025)
---
### 🚨 Exploitation
* Proof-of-concept (PoC) code is public.
* Attackers can remotely execute code under the privileges of the user.
* Can be used in phishing attacks or embedded in malicious websites.
---
### ✅ Mitigation & Remediation
* Apply Microsoft’s May 2025 security updates.
* Disable JScript in environments where it’s not required.
* For legacy systems:
* Isolate from internet access.
* Limit execution of IE-based content.
* Monitor endpoints for signs of unusual script behavior or process spawning.
---
### 🔐 Recommendations
1. Patch all affected systems immediately.
2. Audit use of Internet Explorer and legacy scripting engines.
3. Deploy endpoint protection with memory corruption detection.
4. Inform users about risks of visiting unknown websites.
5. If unable to patch, consider disabling or unregistering `jscript.dll`.
---
### 🔒 Disclaimer
This information is provided for **educational and defensive purposes only**. Unauthorized exploitation of vulnerabilities without proper authorization is **illegal and unethical**. Always conduct security testing in a **controlled environment** and with **explicit permission**. The responsibility for any misuse of this information lies solely with the user.
文件快照
[4.0K] /data/pocs/905a3d8708d12b8a0abb865cc50ef76f02f04ade
└── [2.3K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。