
CVE-2025-30397 PoC — Microsoft Scripting Engine Security Vulnerability

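Source
Related vulnerability
Title: Microsoft Scripting Engine Security Vulnerability (CVE-2025-30397)
Description: Microsoft Scripting Engine is a tool from Microsoft (USA) that provides the scripting engines for JScript and VBScript. Microsoft Scripting Engine contains a security vulnerability. An attacker can exploit this vulnerability to execute code remotely. The following products and versions are affected: Windows 10 Version 21H2 for 32-bit Systems, Windows 10 Version 21H2 for ARM64-based Systems, Windows 10 Version 21H2 for
Description
CVE-2025-30397
Introduction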
# **🚨 CVE-2025-30397 – Critical JScript RCE Vulnerability Exploited in the Wild 💥**

---

### 🔥 CVE-2025-30397 Overview

* **Type**: Type confusion vulnerability
* **Component**: Microsoft Scripting Engine (JScript)
* **Impact**: Remote Code Execution (RCE)
* **Attack Vector**: Remote — triggered via malicious scripts in web content
* **Severity**: CVSS 3.1 score of 7.5 (High)
* **Exploited**: Confirmed in the wild
* **Patched**: May 2025 Patch Tuesday
* **Deadline by CISA**: Patching required before June 3, 2025

---

### 🛠️ Technical Summary

* A type confusion bug in `jscript.dll` leads to memory corruption.
* Exploitable by tricking a user into visiting a specially crafted webpage.
* Common payloads include launching system commands (e.g., spawning calculator).
* Works on legacy systems that still run Internet Explorer or rely on JScript.

---

### 🖥 Affected Systems

* Windows 10 (versions 1507, 1607, 1809, 21H2, 22H2)
* Windows 11 (22H2, 23H2, 24H2)
* Windows Server (2008 SP2, 2008 R2 SP1, 2012, 2016, 2019, 2022, 2025)

---

### 🚨 Exploitation

* Proof-of-concept (PoC) code is public.
* Attackers can remotely execute code under the privileges of the user.
* Can be used in phishing attacks or embedded in malicious websites.

---

### ✅ Mitigation & Remediation

* Apply Microsoft’s May 2025 security updates.
* Disable JScript in environments where it’s not required.
* For legacy systems:

  * Isolate from internet access.
  * Limit execution of IE-based content.
* Monitor endpoints for signs of unusual script behavior or process spawning.
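
The monitoring bullet above, sketched as an added example (not code from the original README or from Microsoft): it correlates image-load and process-creation events and reports any process that loaded `jscript.dll` and then started a different program. The event dictionaries are constructed samples; the field names follow Sysmon's event 7 and event 1, and the flattening into dicts, the GUID values and the function names are assumptions.

```python
import ntpath  # parses Windows paths regardless of the analysis host's OS

IE = r"C:\Program Files\Internet Explorer\iexplore.exe"

# Constructed sample telemetry (not from a real host). Assumed shape: Sysmon
# event 7 (image load) and event 1 (process creation) flattened into dicts.
SAMPLE_EVENTS = [
    {"EventID": 7, "ProcessGuid": "{A}", "Image": IE,
     "ImageLoaded": r"C:\Windows\System32\jscript.dll"},
    # Expected: IE's frame process starting one of its own tab processes.
    {"EventID": 1, "ProcessGuid": "{A2}", "ParentProcessGuid": "{A}",
     "ParentImage": IE, "Image": IE, "CommandLine": "iexplore.exe"},
    # Suspicious: the JScript host starts an unrelated program.
    {"EventID": 1, "ProcessGuid": "{B}", "ParentProcessGuid": "{A}",
     "ParentImage": IE, "Image": r"C:\Windows\System32\calc.exe",
     "CommandLine": "calc.exe"},
    # Unrelated: the parent never loaded jscript.dll.
    {"EventID": 1, "ProcessGuid": "{D}", "ParentProcessGuid": "{C}",
     "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
    # Path case differs; the match must be case-insensitive.
    {"EventID": 7, "ProcessGuid": "{E}", "Image": r"C:\Windows\System32\wscript.exe",
     "ImageLoaded": r"C:\WINDOWS\SYSTEM32\JSCRIPT.DLL"},
    {"EventID": 1, "ProcessGuid": "{F}", "ParentProcessGuid": "{E}",
     "ParentImage": r"C:\Windows\System32\wscript.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c ver"},
]


def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def find_jscript_host_spawns(events):
    """Return (parent, child, command line) for children of jscript.dll hosts.

    Events are assumed to arrive in chronological order.
    """
    hosts = set()  # ProcessGuids seen loading the legacy JScript engine
    alerts = []
    for ev in events:
        if ev["EventID"] == 7 and base(ev["ImageLoaded"]) == "jscript.dll":
            hosts.add(ev["ProcessGuid"])
        elif ev["EventID"] == 1 and ev["ParentProcessGuid"] in hosts:
            parent, child = base(ev["ParentImage"]), base(ev["Image"])
            if parent != child:  # tuning choice: ignore a host relaunching itself
                alerts.append((parent, child, ev["CommandLine"]))
    return alerts
```

The set of loading processes it builds also serves the audit of legacy scripting engine use: every `ProcessGuid` in `hosts` is a process that still depends on `jscript.dll`.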

---

### 🔐 Recommendations

1. Patch all affected systems immediately.
2. Audit use of Internet Explorer and legacy scripting engines.
3. Deploy endpoint protection with memory corruption detection.
4. Inform users about risks of visiting unknown websites.
5. If unable to patch, consider disabling or unregistering `jscript.dll`.

---

### 🔒 Disclaimer

This information is provided for **educational and defensive purposes only**. Unauthorized exploitation of vulnerabilities without proper authorization is **illegal and unethical**. Always conduct security testing in a **controlled environment** and with **explicit permission**. The responsibility for any misuse of this information lies solely with the user.

